From owner-freebsd-questions@FreeBSD.ORG Wed Mar 17 13:22:23 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC15716A4CE for ; Wed, 17 Mar 2004 13:22:23 -0800 (PST) Received: from snipe.mail.pas.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84DCC43D1F for ; Wed, 17 Mar 2004 13:22:23 -0800 (PST) (envelope-from rperry4@earthlink.net) Received: from dialup-171.75.72.22.dial1.weehawken.level3.net ([171.75.72.22] helo=earthlink.net) by snipe.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 1B3iUS-0004DV-00; Wed, 17 Mar 2004 13:22:17 -0800 Message-ID: <4058C1B3.10203@earthlink.net> Date: Wed, 17 Mar 2004 16:22:59 -0500 From: Bob Perry User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040313 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Kris Kennaway References: <405344E5.8090809@earthlink.net> <405363AF.8000108@gmx.at> <4057EC9B.9080102@earthlink.net> <20040317062305.GA59039@xor.obsecurity.org> In-Reply-To: <20040317062305.GA59039@xor.obsecurity.org> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit cc: FreeBSD-Questions Subject: Re: PGP Utility? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2004 21:22:23 -0000 Kris Kennaway wrote: >On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote: > > > >>I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README >>and HOWTOs. Ran into a problem re "...unsafe ownership of the main >>configuration file...." Searched the mailing list archives with little >>luck >>but, more importantly, the users' mailing list was unavailable. >> >> > >Well, what is the ownership? gnupg probably expects it to be owned by >the user and not to be world- or group- writable, and maybe not to be >readable either. i.e. the permissions on the file should be secure. > > > >>My objective was to just install a security patch. Is the file >>verification >>step really necessary? >> >> > >That all depends on whether or not you have a trojaned copy of the >security patch :-) > >Kris > > Kris, Thanks for responding. I had installed the GPA graphical interface and it was having a bad hair day or something. I resolved my initial problem by deinstalling/reinstalling the gnugp port and using the command line to set the program up. I'm at the stage now, where I need to validate and certify the Security Officer's PGP key before I can verify the signature. Documentation suggests "...comparing the key during a phone call." Later, there is the reality that "If you don't know the owner of the public key you are really in trouble." Is there some recommended course to follow when it comes to handling these FreeBSD security patches? Thanks, Bob -- I've learned that whatever hits the fan will not be evenly distributed. FreeBSD 4.9-RELEASE-p2 #0