From owner-freebsd-questions  Wed Aug  8 15:14:50 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-27-141-144.mmcable.com [24.27.141.144])
	by hub.freebsd.org (Postfix) with SMTP id EDB2337B432
	for <questions@freebsd.org>; Wed,  8 Aug 2001 15:14:31 -0700 (PDT)
	(envelope-from mwm@mired.org)
Received: (qmail 32519 invoked by uid 100); 8 Aug 2001 22:14:31 -0000
From: Mike Meyer <mwm@mired.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15217.47559.76937.424052@guru.mired.org>
Date: Wed, 8 Aug 2001 17:14:31 -0500
To: "Thomas Beer" <tom@analogon.com>
Cc: "Mike Meyer" <mwm@mired.org>, <questions@freebsd.org>
Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-01:52.fragment
In-Reply-To: <004c01c1204d$43d6b640$0901a8c0@system>
References: <15216.30828.442770.319628@guru.mired.org>
	<004c01c1204d$43d6b640$0901a8c0@system>
X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Thomas Beer <tom@analogon.com> types:
> > Comment 1) If you really want people to confirm a PGP signature, you
> > need to send the message unmodified. That means you can't send it
> > quoted by your mailer, or in mangled in any other way; you have to
> > send it as an attachement.
> This was/ is a freebsd security advisory and I thougth/ think, that I am
> not the only one on this list who will receive it...

If you're expecting that someone who correctly verified the signature
to say so, then you don't need to send the entire thing, just enough
information to identify it.

> > Comment 2) Asking others to verify a signature doesn't say a thing
> > about the validity of the signature. If they say it's fine for them,
> > that means you need to figure out why your software is complaining
> > about the signature and verify it yourself, *not* trust it.
> the second advisory, from the same day was fine...

Which has nothing at all to do with whether or not you should trust
someone else telling you that an advisory was fine.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message