Kris Kennaway wrote:

On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote:



I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README
and HOWTOs. Ran into a problem re "...unsafe ownership of the main
configuration file...." Searched the mailing list archives with little luck
but, more importantly, the users' mailing list was unavailable.



Well, what is the ownership? gnupg probably expects it to be owned by the user and not to be world- or group- writable, and maybe not to be readable either. i.e. the permissions on the file should be secure.



My objective was to just install a security patch. Is the file verification
step really necessary?



That all depends on whether or not you have a trojaned copy of the security patch :-)

Kris


Kris,

Thanks for responding. I had installed the GPA graphical interface and it was
having a bad hair day or something. I resolved my initial problem by
deinstalling/reinstalling the gnugp port and using the command line to set
the program up.


I'm at the stage now, where I need to validate and certify the Security Officer's PGP key before I can verify the signature. Documentation suggests "...comparing
the key during a phone call." Later, there is the reality that "If you don't know the
owner of the public key you are really in trouble."


Is there some recommended course to follow when it comes to handling these
FreeBSD security patches?

Thanks,

Bob




-- I've learned that whatever hits the fan will not be evenly distributed.

FreeBSD 4.9-RELEASE-p2 #0

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to