Re: An important lesson
On Thu, 2004-10-28 at 16:57 -0700, Don Armstrong wrote: > On Thu, 28 Oct 2004, Scott James Remnant wrote: > > On Thu, 2004-10-28 at 18:08 +0200, Adrian 'Dagurashibanipal' von Bidder > > wrote: > > > On Thursday 28 October 2004 16.40, Matthew Garrett wrote: > > > > Warning: The signature is bad. > > > > > > I guess this was unavoidable in a posting about a security related issue > > > with GnuPG... > > > > > Verifies fine here. > > If you ignore the: > > gpg: WARNING: This key has been revoked by its owner! > gpg: This could mean that the signature is forgery. > gpg: reason for revocation: Key has been compromised > gpg: revocation comment: Compromised on the uid/gid remapping on alioth > > perhaps. > Heh, had to refresh the key to get *that* :D I already had that key in my keyring unrevoked. Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist? signature.asc Description: This is a digitally signed message part
Re: An important lesson
On Friday 29 October 2004 01.57, Don Armstrong wrote: > On Thu, 28 Oct 2004, Scott James Remnant wrote: > > On Thu, 2004-10-28 at 18:08 +0200, Adrian 'Dagurashibanipal' von Bidder > > > > wrote: > > > On Thursday 28 October 2004 16.40, Matthew Garrett wrote: > > > > Warning: The signature is bad. > > > > > > I guess this was unavoidable in a posting about a security related > > > issue with GnuPG... > > > > Verifies fine here. > > If you ignore the: > > gpg: WARNING: This key has been revoked by its owner! > gpg: This could mean that the signature is forgery. > gpg: reason for revocation: Key has been compromised > gpg: revocation comment: Compromised on the uid/gid remapping on alioth > > perhaps. Ah, now I see. I didn't really notice what key was used to sign the original message... greets -- vbi -- Oops pgpzKsbmdm6iK.pgp Description: PGP signature
Re: An important lesson
On Thu, 28 Oct 2004, Scott James Remnant wrote: > On Thu, 2004-10-28 at 18:08 +0200, Adrian 'Dagurashibanipal' von Bidder > wrote: > > On Thursday 28 October 2004 16.40, Matthew Garrett wrote: > > > Warning: The signature is bad. > > > > I guess this was unavoidable in a posting about a security related issue > > with GnuPG... > > > Verifies fine here. If you ignore the: gpg: WARNING: This key has been revoked by its owner! gpg: This could mean that the signature is forgery. gpg: reason for revocation: Key has been compromised gpg: revocation comment: Compromised on the uid/gid remapping on alioth perhaps. Don Armstrong -- Quite the contrary; they *love* collateral damage. If they can make you miserable enough, maybe you'll stop using email entirely. Once enough people do that, then there'll be no legitimate reason left for anyone to run an SMTP server, and the spam problem will be solved. Craig Dickson <[EMAIL PROTECTED]> http://www.donarmstrong.com http://rzlab.ucr.edu
Re: An important lesson
On Thu, 2004-10-28 at 18:08 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: > On Thursday 28 October 2004 16.40, Matthew Garrett wrote: > > Warning: The signature is bad. > > I guess this was unavoidable in a posting about a security related issue > with GnuPG... > Verifies fine here. Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist? signature.asc Description: This is a digitally signed message part
Re: An important lesson
On Thursday 28 October 2004 16.40, Matthew Garrett wrote: > Warning: The signature is bad. I guess this was unavoidable in a posting about a security related issue with GnuPG... greetings -- vbi -- Oops pgpsZSnPddRmR.pgp Description: PGP signature
Re: An important lesson
Matthew Garrett wrote: Developers, do not allow http://www.google.com/search?q=inurl%3Asecring.gpg to happen to you. I haven't checked lately, but at least some of those used to be: (a) secret keys used in regression tests, (b) honeypots and (c) findable via google but not downloadable cheers stuart -- Stuart Yeates[EMAIL PROTECTED] OSS Watch http://www.oss-watch.ac.uk/ Oxford Text Archive http://ota.ahds.ac.uk/ Humbul Humanities Hub http://www.humbul.ac.uk/
Re: An important lesson
On Thu, Oct 28, 2004 at 03:40:48PM +0100, Matthew Garrett wrote: > Developers, do not allow > > http://www.google.com/search?q=inurl%3Asecring.gpg > > to happen to you. And it's better to repeat it three times: http://debian-amd64.alioth.debian.org/pure64/wanna-build/secring.gpg http://ftp.belnet.be/linux/debian-amd64/wanna-build/secring.gpg http://ftp.belnet.be/pub/mirror/debian-amd64.alioth.debian.org/wanna-build/secring.gpg Mike