http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775
------- Additional Comments From [EMAIL PROTECTED] 2008-01-09 19:17 ------- (in reply to comment #4) > If Eve convinces Bob to trust a different key, then it doesn't matter what we > do. Security people are supposed to be paranoid about unlikely threats because attackers are good about finding ways to make the unlikely possible. The idea here is that Eve uses the fact that her key verifies the good signature on the good copy of MalAssassin to trick Bob into accepting that her key is a new one for the software releases. She can't do that if the keys are cross-certified. (in reply to comment #5) > Anyone else want to take a stab at it? I will, but I have to be reminded what is the hostname for the zone machine and if I have to do anything special to get ssh and sudo access to it. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
