[pmwiki-users] Infected Cookbook Recipes?

Martin Fick mogulguy at yahoo.com
Mon Sep 22 09:31:22 CDT 2008

But in order to sign the files, the public key for the signature would have to be posted somewhere!  Perhaps the author's profile page would be a good place to put that, the author could password protect this page?  But if we do that, why not simply put the MD5 hashes on the author's profile page instead?


--- On Mon, 9/22/08, Christophe David <pmwiki at christophedavid.org> wrote:

> From: Christophe David <pmwiki at christophedavid.org>
> Subject: Re: [pmwiki-users] Infected Cookbook Recipes?
> To: "Hans" <design5 at softflow.co.uk>
> Cc: "PmWiki Users" <pmwiki-users at pmichaud.com>
> Date: Monday, September 22, 2008, 9:12 AM
> Hash: SHA1
> > But it is quite  a bit of extra work, and it forces a
> user to install
> > GPG in order to use the recipe.
> No: the user gets a .zip file containing the recipe that
> can be used
> directly.  If *and only if* he wants to validate it, he can
> use GPG.
> The developer would just upload a zip file instead of a php
> file.
> Many files are already distributed on the internet with a
> signature
> file: look for example at PasswordSafe on
> http://sourceforge.net/project/showfiles.php?group_id=41019&package_id=33169&release_id=623132
> http://passwordsafe.sourceforge.net/
> Each file is supplied with a signature.
> Christophe
> Version: GnuPG v1.4.6 (GNU/Linux)
> iD8DBQFI15nKyu9YWMK6LU8RAvjoAJ0RYYZ6bx1Vem3XWcwvitcUDttv4wCggaxR
> JmuczuYKnBa2whdQjG0d7yY=
> =A/sn
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users


More information about the pmwiki-users mailing list