From owner-freebsd-questions@FreeBSD.ORG Wed Mar 17 13:28:01 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03E2716A4CE for ; Wed, 17 Mar 2004 13:28:01 -0800 (PST) Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id C162D43D1F for ; Wed, 17 Mar 2004 13:28:00 -0800 (PST) (envelope-from kdk@daleco.biz) Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 17 Mar 2004 15:28:29 -0600 Message-ID: <4058C2DC.4060508@daleco.biz> Date: Wed, 17 Mar 2004 15:27:56 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bob Perry References: <405344E5.8090809@earthlink.net> <405363AF.8000108@gmx.at> <4057EC9B.9080102@earthlink.net> <20040317062305.GA59039@xor.obsecurity.org> <4058C1B3.10203@earthlink.net> In-Reply-To: <4058C1B3.10203@earthlink.net> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 17 Mar 2004 21:28:29.0750 (UTC) FILETIME=[CA8AAD60:01C40C66] cc: FreeBSD-Questions cc: Kris Kennaway Subject: Re: PGP Utility? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2004 21:28:01 -0000 Bob Perry wrote: > Kris Kennaway wrote: > >> On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote: >> >> >> >>> I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the >>> README >>> and HOWTOs. Ran into a problem re "...unsafe ownership of the main >>> configuration file...." Searched the mailing list archives with >>> little luck >>> but, more importantly, the users' mailing list was unavailable. >>> >> >> >> Well, what is the ownership? gnupg probably expects it to be owned by >> the user and not to be world- or group- writable, and maybe not to be >> readable either. i.e. the permissions on the file should be secure. >> >> >> >>> My objective was to just install a security patch. Is the file >>> verification >>> step really necessary? >>> >> >> >> That all depends on whether or not you have a trojaned copy of the >> security patch :-) >> >> Kris >> >> > Kris, > > I'm at the stage now, where I need to validate and certify the > Security Officer's PGP key before I can verify the signature. > Documentation suggests "...comparing > the key during a phone call." Later, there is the reality that "If > you don't know the > owner of the public key you are really in trouble." > > Is there some recommended course to follow when it comes to handling > these > FreeBSD security patches? > > Thanks, > > Bob PGP keys for all the FreeBSD officers are available in an appendix D of the FreeBSD handbook. If your local copy is old, you could check the online version at www.freebsd.org/handbook. HTH, Kevin Kinsey DaleCo, S.P.