> I used the footnote numbers to reference the attacks. I am afraid, this might cause some confusion. The numbers you have used won't stay stable. Those were autogenerated numbers of footnotes. As footnotes change, these numbers change. To keep your post understandable, I created a snapshot before modifying footnotes: http://www.webcitation.org/6Wo9Cb2ox
However, numbers (1), (2), (3), etc. that won't be automatically changed, have just been added now. Rick "Zero_Chaos" Farina: > webrsync-gpg would > appear to mitigate Actually, I was aware of it. The issue is, signing is not everything. Signatures need a validity range. Otherwise mirrors can also show half a year etc. old signatures that are valid. See also: http://blog.ganneff.de/blog/2008/09/23/valid-until-field-in-release-f.html > attacks 3, 11, and 12. There was no attack 3. Now, before we talk past each other, would you mind to repost by referencing attack by name or by their new, "real" numbers? Cheers, Patrick