https://bugzilla.novell.com/show_bug.cgi?id=457802 Summary: Hermes mails should be GPG-signed Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Hermes AssignedTo: freitag@novell.com ReportedBy: suse-beta@cboltz.de QAContact: adrian@novell.com Found By: --- The hermes mails contain commands the receiver is expected to execute via copy&paste, like: Review the build log: osc remotebuildlog home:cboltz somepackage openSUSE_11.1 i586 | less Check out the package for editing: osc checkout home:cboltz postfixadmin-release These mails should be GPG-signed to avoid that an attacker can trick someone to copy&paste (and execute) a malicious command like osc remotebuildlog home:cboltz somepackage; rm -rf / | less # [1] by just sending a faked mail that looks like a hermes mail. [1] warning: don't copy&paste the example above! ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.