Re: professionalism, was Re: PGP messages getting flagged as spam
reynt0 wrote: Are there refined answers available to the question Yes. When giving a software evaluation, you always specify sources and methods. Each and every assertion needs a source and a method: who is your source, and how does your source know this? With proprietary software, you're mostly stuck relying on your vendor for information. Compare Microsoft says that IIS will scale up to our server load with our current server configuration to the Apache Foundation isn't making any promises, but I've had Apache running for the last month on a test server and it's performing flawlessly. The first statement's source is Microsoft. Their method is presumably their own internal testing. The second statement's source is you-the-engineer. Your method is your own internal testing. Neither evaluation is necessarily better or worse than the other. Management might trust Microsoft more than you, or you more than Microsoft. You're not responsible for making sure Management makes the right choices--you're only responsible for giving Management accurate information with which to make their choices. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: professionalism, was Re: PGP messages getting flagged as spam
On 10/18/07, Robert J. Hansen [EMAIL PROTECTED] wrote: With proprietary software, you're mostly stuck relying on your vendor for information. Compare Microsoft says that IIS will scale up to our server load with our current server configuration to the Apache Foundation isn't making any promises, but I've had Apache running for the last month on a test server and it's performing flawlessly. The first statement's source is Microsoft. Their method is presumably their own internal testing. Why wouldn't you set up a test lab with the Microsoft products as well? They offer zero-cost trial and developer editions of their products for that express purpose. You should never rely on the word of a vendor if there is an alternative. You can always find proprietary vendors that will give you a trial of some sort. At my company, we've had months-long trial installations of $1M+ vertical market software packages before signing any agreement to purchase. -- RPM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: professionalism, was Re: PGP messages getting flagged as spam
Ryan Malayter wrote: Why wouldn't you set up a test lab with the Microsoft products as well? It's a hypothetical. There do exist vendors that are infamously stingy with evaluation versions and heavily rely on trust us. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: pinentry-mac never displays any UI [seems to be solved]
Hi, I stumbled over the same problem. I am using mac-gnupg-2.0.4-2 from Ben. echo GETPIN | /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac shows the pinentry dialog, though. But testing it together with gpg-agent didn't work (using something like 'echo test | gpg -ase -r KEY | gpg'). The pinentry icon bounced in the dock but no UI is shown (this seems to be the same problem Richard had). I was able to solve the problem by simply deleting the no-grab option from gpg-agent.conf (*hehe* simply, took me ages to figure that out). Everything works fine, now. Thanks Ben for your work. Since kde-3.5.6 I was not able to use gpg in kmail because the usage of gpg-agent is not optional any longer. And I wasn't able to get this working till now. -- Christoph ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: pinentry-mac never displays any UI [seems to be solved]
By God, he's right! it was no-grab that was doing it. Thanks all! On 10/18/07, Christoph Mockenhaupt [EMAIL PROTECTED] wrote: Hi, I stumbled over the same problem. I am using mac-gnupg-2.0.4-2 from Ben. echo GETPIN | /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac shows the pinentry dialog, though. But testing it together with gpg-agent didn't work (using something like 'echo test | gpg -ase -r KEY | gpg'). The pinentry icon bounced in the dock but no UI is shown (this seems to be the same problem Richard had). I was able to solve the problem by simply deleting the no-grab option from gpg-agent.conf (*hehe* simply, took me ages to figure that out). Everything works fine, now. Thanks Ben for your work. Since kde-3.5.6 I was not able to use gpg in kmail because the usage of gpg-agent is not optional any longer. And I wasn't able to get this working till now. -- Christoph ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- .!# RichardBronosky #!. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Question about Replying to List
Benjamin Donnachie wrote: Take a look at the Thunderbird reply to list extension - http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension If you don't want to use Thunderbird v3, take a look at the ReplyToList extension at http://cweiske.de/misc_extensions.htm Ben ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP messages getting flagged as spam
On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote: Probably true, but how will spammers get signatures on their stuff that are valid *for me*? They would have to compromise one of the keys that are valid on my keyring or one that would be considered trustworthy by means of the web-of-trust. Why not just take some signed content from a key in the strong set, like this message, and add some unsigned spam to it? It would be a great way to ruin keys by making them spam-keys. Maintaining a dedicated database of spam-keys that had been trustworthy but were used for spam would help, too (to assign messages signed by those keys a bad score). (These are best revoked by their owners, of course.) Unfortunately, these databases might be naively implemented as keyservers, or existing keyservers could start being burdened with votes in the form of signatures and/or revocations from any number of signers (voters). At most, you would only want to publish fingerprints of such keys rather than helping propagate and/or bloat them. Worse, how do you determine that some replayed signed content was indeed replayed? Does everyone now have to start publishing lists of the hashes for all their unencrypted, signed messages and the intended recipient(s) for each message? How would these lists be verified? -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgphdV7QHlDiV.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users