[Timo Juhani Lindfors]
> Is
>
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
>
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?
>From the manpage:
Note that this adds a keyring to the current list. If the intent
is to use the specified keyring alone, use --keyring along with
--no-default-keyring.
Peter
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121214225649.gn4...@p12n.org
