savannah-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-dev] [bug #4663] Sign security important announcements


From: nobody
Subject: [Savannah-dev] [bug #4663] Sign security important announcements
Date: Tue, 30 Sep 2003 04:01:17 -0400
User-agent: Mozilla/5.0 (compatible; Konqueror/3; Linux 2.4.18-27.7.x.cern; i686)

=================== BUG #4663: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4663&group_id=11

Changes by: Mathieu Roy <address@hidden>
Date: mar 30.09.2003 à 10:01 (Europe/Paris)

------------------ Additional Follow-up Comments ----------------------------
Maybe the one who post the item should just sign with his own key?

What kind of trouble can it pose?



=================== BUG #4663: FULL BUG SNAPSHOT ===================


Signalé par: jas                      Projet: Savannah                      
Signalé le: ven 08.08.2003 à 00:00
Category:  Project Web site           Severity:  1 - Enhancement            
Priority:  Low                        Resolution:  Works for me             
Assigned to:  yeupou                  Status:  Open                         
Fixed Release:                        

Summary:  Sign security important announcements

Original Submission:  Announcements such as the SSH host key change should be 
changed, e.g. by a PGP signing key shared among the core administrators.



(If you want to get advanced, use one of the "key sharing" techniques so that 
e.g. 3 out of 5 core members must participate to generate the signed 
announcement.  This reduces the chance that someone can attack one of the 
administrators to gain the savannah announcement key. I'm not sure GnuPG 
support this yet though.)



Follow-up Comments
*******************

-------------------------------------------------------
Date: mar 30.09.2003 à 10:01        By: yeupou
Maybe the one who post the item should just sign with his own key?

What kind of trouble can it pose?

-------------------------------------------------------
Date: mar 02.09.2003 à 09:09        By: yeupou
Interesting, we will document this procedure.


La liste CC est vide


Il n'y a aucun fichier attaché actuellement


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4663&group_id=11

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]