Re: Clarifications on PGP5 'vulnerabilities'
Tommi Virtanen <tv-nospam-this-address-is-ok-just-reply@hq.yok.utu.fi> wrote:
>
> The political side of this issue must not be forgotten, but
> nothing in what you wrote means that PGP 5.x is anymore
> "dangerous" than PGP 2.6.3i (to me, or to the way Debian uses
> PGP signatures to authenticate packages).
if i understood him correctly then the difference is in the
silence that pgp5 keeps, not telling anybody that the second
key is also used.
could this please someone verify? if it's right then this
_is_ a rather desturbing "feature".
> As such, I think
> this issue does not belong to debian-devel,
not agreed.
jjm
--
Juergen Menden
at work: menden@informatik.tu-muenchen.de tel: +49 (89) 289 - 22387
private: menden@morgana.camelot.de tel: +49 (89) 89 712 743
Support the anti-Spam amendment. Join at http://www.cauce.org/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: