[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Clarifications on PGP5 'vulnerabilities'

Tommi Virtanen <tv-nospam-this-address-is-ok-just-reply@hq.yok.utu.fi> wrote:
> 
> 	The political side of this issue must not be forgotten, but
> 	nothing in what you wrote means that PGP 5.x is anymore
> 	"dangerous" than PGP 2.6.3i (to me, or to the way Debian uses
> 	PGP signatures to authenticate packages). 

if i understood him correctly then the difference is in the
silence that pgp5 keeps, not telling anybody that the second
key is also used.

could this please someone verify? if it's right then this
_is_ a rather desturbing "feature".


> As such, I think
> 	this issue does not belong to debian-devel, 

not agreed.

jjm

-- 
Juergen Menden             
at work: menden@informatik.tu-muenchen.de  tel: +49 (89) 289 - 22387  
private: menden@morgana.camelot.de         tel: +49 (89) 89 712 743

Support the anti-Spam amendment.  Join at http://www.cauce.org/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
Reply to: