From owner-freebsd-questions@FreeBSD.ORG Tue Mar 16 22:23:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6667616A4CE for ; Tue, 16 Mar 2004 22:23:08 -0800 (PST) Received: from mta4.rcsntx.swbell.net (mta4.rcsntx.swbell.net [151.164.30.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37EF643D2D for ; Tue, 16 Mar 2004 22:23:08 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (9634c8aee19f1d1d5a4ae27b8b9b0945@adsl-67-119-53-203.dsl.lsan03.pacbell.net [67.119.53.203])i2H6N6uW000263; Wed, 17 Mar 2004 00:23:06 -0600 (CST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 62FB551880; Tue, 16 Mar 2004 22:23:05 -0800 (PST) Date: Tue, 16 Mar 2004 22:23:05 -0800 From: Kris Kennaway To: Bob Perry Message-ID: <20040317062305.GA59039@xor.obsecurity.org> References: <405344E5.8090809@earthlink.net> <405363AF.8000108@gmx.at> <4057EC9B.9080102@earthlink.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2fHTh5uZTiUOsy+g" Content-Disposition: inline In-Reply-To: <4057EC9B.9080102@earthlink.net> User-Agent: Mutt/1.4.2.1i cc: FreeBSD-Questions Subject: Re: PGP Utility? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2004 06:23:08 -0000 --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote: > I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README > and HOWTOs. Ran into a problem re "...unsafe ownership of the main > configuration file...." Searched the mailing list archives with little= =20 > luck > but, more importantly, the users' mailing list was unavailable. Well, what is the ownership? gnupg probably expects it to be owned by the user and not to be world- or group- writable, and maybe not to be readable either. i.e. the permissions on the file should be secure. > My objective was to just install a security patch. Is the file=20 > verification > step really necessary? That all depends on whether or not you have a trojaned copy of the security patch :-) Kris --2fHTh5uZTiUOsy+g Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAV+7IWry0BWjoQKURAlCyAKDkJ8PYRJZXj1knz+HtCUBwQgOG2gCg51yt QgJGl/J17lBW3NZwtNd1DB0= =emHG -----END PGP SIGNATURE----- --2fHTh5uZTiUOsy+g--