[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unsafe use of gpg

[Timo Juhani Lindfors]
> Is
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?

>From the manpage:

    Note that this adds a keyring to the current list. If the intent
    is to use the specified keyring alone, use --keyring along with


Reply to: