Ack. It's sad. I believe Kurt has some sad articles about this already... :-)
99% probability. BTW great work Kurt! ;-)
Huh? I missed a few messages (checks archives...) ok. Yeah, me too, running cryptoarchive bothers me, a) not to many people download the sig files for tarballs, and b) many many people installed my solaris ssh packages (which of course are glorified tarballs I built). It's amazing what people will install. I've actually got an upcoming article on the importance of getting keys from trusted places, the assumption being all developers at least include a signature in another file (i.e. detached sig) and more importantly that people check them (rmemeber ftp.win.tue.nl getting hacked? like 60 downloads before someone checked the pgp sig and alerted them). BTW the next email should amuse you all.
Thanks, Roman.
Regards, Martin --
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net