Bug#341976: patch

To: 341976@bugs.debian.org
Subject: Bug#341976: patch
From: "Dwayne C. Litzenberger" <dlitz@dlitz.net>
Date: Tue, 11 Sep 2007 18:08:17 -0600
Message-id: <[🔎] 20070912000817.GA18721@rivest.dlitz.net>
Reply-to: "Dwayne C. Litzenberger" <dlitz@dlitz.net>, 341976@bugs.debian.org
In-reply-to: <4565841D.7040305@stanchina.net>
References: <4565841D.7040305@stanchina.net>

On Thu, Nov 23, 2006 at 12:21:01PM +0100, Flavio Stanchina wrote:

tags 341976 + patch
thanks

Here's a patch that adds a "get <keyid> <server>" command to apt-key.

This patch is dangerously insecure, since it does not perform anyverification that the key that gets retrieved actually matches a trustedkey fingerprint.

If you're going to do this at all, the correct thing to do is probably torequire the user to enter the full 40-character (160-bit) key fingerprintas the key id.


--
Dwayne C. Litzenberger <dlitz@dlitz.net>

Reply to:

Prev by Date: Bug#24717: fwd mrkt News1etter
Next by Date: Bug#441942: [PATCH] apt-key should allow exporting trusted keys
Previous by thread: Bug#24717: fwd mrkt News1etter
Next by thread: Bug#441942: [PATCH] apt-key should allow exporting trusted keys
Index(es):
- Date
- Thread