oss-sec mailing list archives
Re: CVE for Kali Linux
From: Daniel Micay <danielmicay () gmail com>
Date: Sun, 22 Mar 2015 00:24:58 -0400
Windows users are also left out without this: they don't have GPG, and they don't have a secure way to obtain GPG.
http://www.gpg4win.org/
http://sourceforge.net/projects/msys2/

Not even HTTPS *without* HSTS + HPKP. Gpg4win did get part of the way there but didn't grab a free certificate from GlobalSign or StartSSL.

The official gnupg site uses ftp with... GPG signatures. I guess you're supposed to validate that the GPG installer you've downloaded is valid by running the GPG installer? :P

https://www.gnupg.org/download/

Is there actually a way for a Windows user to obtain it securely? GPG simply doesn't work here, even if you assume that users are going to take extra steps to verify the download. You have to rely on HTTPS (or HKPS) to obtain the GPG key anyway, so I don't see the point in pushing for it here. It's fantastic for package signing, sure :).