Re: unsafe use of gpg

To: Timo Juhani Lindfors <timo.lindfors@iki.fi>
Cc: debian-devel@lists.debian.org
Subject: Re: unsafe use of gpg
From: Peter Samuelson <peter@p12n.org>
Date: Fri, 14 Dec 2012 16:56:49 -0600
Message-id: <[🔎] 20121214225649.GN4151@p12n.org>
In-reply-to: <[🔎] 844njoipms.fsf@sauna.l.org>
References: <[🔎] 50CB432F.1040805@debian.org> <[🔎] 844njoipms.fsf@sauna.l.org>

[Timo Juhani Lindfors]
> Is
> 
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
> 
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?

>From the manpage:

    Note that this adds a keyring to the current list. If the intent
    is to use the specified keyring alone, use --keyring along with
    --no-default-keyring.

Peter

Reply to:

Follow-Ups:
- Re: unsafe use of gpg
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

References:
- unsafe use of gpg
  - From: Ansgar Burchardt <ansgar@debian.org>
- Re: unsafe use of gpg
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Prev by Date: Re: unsafe use of gpg
Next by Date: Re: unsafe use of gpg
Previous by thread: Re: unsafe use of gpg
Next by thread: Re: unsafe use of gpg
Index(es):
- Date
- Thread