Specify the bundle on the GPG command line, to block an easy attack
Robert Ransom

Robert Ransom commited on 2012-02-02 05:25:38
Zeige 1 geänderte Dateien mit 2 Einfügungen und 2 Löschungen.


Otherwise, They can put a message with an attached signature in the .asc
file, and GPG will call it good.

... ...
@@ -97,7 +97,7 @@
97 97
     to download the ".asc" file as well. Assuming you downloaded the
98 98
     package and its signature to your Desktop, run:</p>
99 99
 
100
-    <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc</pre>
100
+    <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc C:\Users\Alice\Desktop\<file-win32-bundle-stable></pre>
101 101
 
102 102
     <p>The output should say "Good signature": </p>
103 103
 
... ...
@@ -153,7 +153,7 @@
153 153
     to download the ".asc" file as well. Assuming you downloaded the
154 154
     package and its signature to your Desktop, run:</p>
155 155
 
156
-    <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>.asc</pre>
156
+    <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>{.asc,}</pre>
157 157
 
158 158
     <p>The output should say "Good signature": </p>
159 159
 
160 160