Date: Wed, 8 Aug 2001 17:14:31 -0500 From: Mike Meyer <mwm@mired.org> To: "Thomas Beer" <tom@analogon.com> Cc: "Mike Meyer" <mwm@mired.org>, <questions@freebsd.org> Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-01:52.fragment Message-ID: <15217.47559.76937.424052@guru.mired.org> In-Reply-To: <004c01c1204d$43d6b640$0901a8c0@system> References: <15216.30828.442770.319628@guru.mired.org> <004c01c1204d$43d6b640$0901a8c0@system>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Beer <tom@analogon.com> types: > > Comment 1) If you really want people to confirm a PGP signature, you > > need to send the message unmodified. That means you can't send it > > quoted by your mailer, or in mangled in any other way; you have to > > send it as an attachement. > This was/ is a freebsd security advisory and I thougth/ think, that I am > not the only one on this list who will receive it... If you're expecting that someone who correctly verified the signature to say so, then you don't need to send the entire thing, just enough information to identify it. > > Comment 2) Asking others to verify a signature doesn't say a thing > > about the validity of the signature. If they say it's fine for them, > > that means you need to figure out why your software is complaining > > about the signature and verify it yourself, *not* trust it. > the second advisory, from the same day was fine... Which has nothing at all to do with whether or not you should trust someone else telling you that an advisory was fine. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15217.47559.76937.424052>