On Tue, 2002-11-12 at 17:40, Jeffrey Stedfast <[EMAIL PROTECTED]> wrote:
> Subject: Re: [Evolution] Evolution-1.2 vs pgp encryption > To: Stacey Roberts <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > > Evolution no longer supports anything other than gnupg. > > Why not? because I rewrote the pgp backend code to be much more robust > [snip] > We now just use execvp() and let > the shell find the pgp binary for us. It makes the UI oh so much simpler > for the average user. Indeed it does for the class of users who don't know about PGP. I would think that anyone who is smart enough to handle gnupgp - set it up, handle keyrings and so forth - can use "which". But that's not my point. My point is the use of execvp(). Take a look in the Vuln-dev or other archives and see how many vulnerabilities revolve around using execvp() instead of the short-forms of the exec() system call. The user of Evo may not the the owner or administrator of the machine. has anyone run one of the basic tools for checking the source of Evo for the plethora of classical security coding risks? /anton _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
