1 |
> I used the footnote numbers to reference the attacks. |
2 |
|
3 |
I am afraid, this might cause some confusion. The numbers you have used |
4 |
won't stay stable. Those were autogenerated numbers of footnotes. As |
5 |
footnotes change, these numbers change. To keep your post |
6 |
understandable, I created a snapshot before modifying footnotes: |
7 |
http://www.webcitation.org/6Wo9Cb2ox |
8 |
|
9 |
However, numbers (1), (2), (3), etc. that won't be automatically |
10 |
changed, have just been added now. |
11 |
|
12 |
Rick "Zero_Chaos" Farina: |
13 |
> webrsync-gpg would |
14 |
> appear to mitigate |
15 |
|
16 |
Actually, I was aware of it. The issue is, signing is not everything. |
17 |
Signatures need a validity range. Otherwise mirrors can also show half a |
18 |
year etc. old signatures that are valid. See also: |
19 |
http://blog.ganneff.de/blog/2008/09/23/valid-until-field-in-release-f.html |
20 |
|
21 |
> attacks 3, 11, and 12. |
22 |
|
23 |
There was no attack 3. Now, before we talk past each other, would you |
24 |
mind to repost by referencing attack by name or by their new, "real" |
25 |
numbers? |
26 |
|
27 |
Cheers, |
28 |
Patrick |