PGP Utility?
Kris Kennaway
kris at obsecurity.org
Tue Mar 16 22:23:08 PST 2004
On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote:
> I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README
> and HOWTOs. Ran into a problem re "...unsafe ownership of the main
> configuration file...." Searched the mailing list archives with little
> luck
> but, more importantly, the users' mailing list was unavailable.
Well, what is the ownership? gnupg probably expects it to be owned by
the user and not to be world- or group- writable, and maybe not to be
readable either. i.e. the permissions on the file should be secure.
> My objective was to just install a security patch. Is the file
> verification
> step really necessary?
That all depends on whether or not you have a trojaned copy of the
security patch :-)
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040316/cb6d0692/attachment.bin
More information about the freebsd-questions
mailing list