[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] SUID bit - how do I set it?
>>>>> "Chris" == Chris J/#6 <sixie [at] nccnet.co.uk> writes:
    Chris> Gnupg doesn't implement ADK's so isn't at risk. 
[...]
    Chris> One point to remember: changing your version of PGP won't
    Chris> solve the problem when you're receiving encrypted mail as
    Chris> it is the /sender's/ PGP that is at fault.
But doesn't GPG read mail encrypted with PGP?  If so, GPG users are at
risk.  I consider the privacy of other's mail to me (in many, perhaps
the majority, of cases) a more important risk than the privacy of my
own in the other direction.
If not, you have the pleasant choice from:
   (1) not getting somewhat-secure mail from PGP-only sites
   (2) installing PGP (and you are at risk both ways if you
       communicate with them)
   (3) forcing your correspondents to install GPG, a not necessarily
       pleasant political task.
True, if you are running GPG it's not "your fault."  There are still
security risks that one is exposed to by using GPG, that users may not
have thought about, due to this bug.
    Chris> If you're really that paranoid though, you'd audit the
    Chris> software yourself :)
I do, occasionally.  In cases of public key protocols, I lack the
necessary hubris.  Believe that or not, as you will.
-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 
  GNU the choice of a complete generation.