Date:      Wed, 17 Mar 2004 15:27:56 -0600
From:      "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To:        Bob Perry <rperry4@earthlink.net>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: PGP Utility?
Message-ID:  <4058C2DC.4060508@daleco.biz>
In-Reply-To: <4058C1B3.10203@earthlink.net>
References:  <405344E5.8090809@earthlink.net> <405363AF.8000108@gmx.at> <4057EC9B.9080102@earthlink.net> <20040317062305.GA59039@xor.obsecurity.org> <4058C1B3.10203@earthlink.net>

Bob Perry wrote:

> Kris Kennaway wrote:
>
>> On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote:
>>
>>> I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README
>>> and HOWTOs.  Ran into a problem re "...unsafe ownership of the main
>>> configuration file...."  Searched the mailing list archives with little luck
>>> but, more importantly, the users' mailing list was unavailable.
>>
>> Well, what is the ownership?  gnupg probably expects it to be owned by
>> the user and not to be world- or group- writable, and maybe not to be
>> readable either.  i.e. the permissions on the file should be secure.
>>
>>> My objective was to just install a security patch.  Is the file verification
>>> step really necessary?
>>
>> That all depends on whether or not you have a trojaned copy of the
>> security patch :-)
>>
>> Kris
>>
> Kris,
>
> I'm at the stage now, where I need to validate and certify the
> Security Officer's PGP key before I can verify the signature.
> Documentation suggests "...comparing the key during a phone call."
> Later, there is the reality that "If you don't know the
> owner of the public key you are really in trouble."
>
> Is there some recommended course to follow when it comes to handling these
> FreeBSD security patches?
>
> Thanks,
>
> Bob


PGP keys for all the FreeBSD officers are available in
Appendix D of the FreeBSD Handbook.  If your local
copy is old, you could check the online version at
www.freebsd.org/handbook.

HTH,

Kevin Kinsey
DaleCo, S.P.
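
The ownership and permission check Kris describes in the quoted reply, as an added example that is not part of the original messages and is not GnuPG's own code. It assumes the GnuPG home directory is `$HOME/.gnupg` and that the configuration file is named `options` or `gpg.conf`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the kind of problem
# behind the "unsafe ownership" warning quoted in the thread.
# Assumption: "safe" means owned by the current user and not writable
# by group or others, as Kris suggests in the thread.

# Return 0 if $1 looks safe, 1 if it is unsafe, 2 if it does not exist.
check_secure() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing: $path"
        return 2
    fi
    # find prints the path only when an unsafe condition matches:
    # wrong owner, group-writable, or world-writable.
    unsafe=$(find "$path" -prune \
        \( ! -user "$(id -u)" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$unsafe" ]; then
        echo "unsafe: $(ls -ld "$path")"
        return 1
    fi
    return 0
}

# Check the home directory itself and each config file present in it.
# A writable directory lets another user replace the file, so it is
# checked as well as the file.
audit_gnupg_home() {
    home=${1:-$HOME/.gnupg}
    status=0
    check_secure "$home" || status=1
    for f in "$home/options" "$home/gpg.conf"; do
        [ -e "$f" ] || continue
        check_secure "$f" || status=1
    done
    return $status
}
```

Running `audit_gnupg_home` with no argument checks `$HOME/.gnupg`; anything it reports as unsafe is normally corrected with `chown` to your own user and `chmod 700` on the directory or `chmod 600` on the file.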


