-----BEGIN PGP SIGNED MESSAGE----- I agree too. Where, when not in security lists could this done for testing? georg - -----Ursprüngliche Nachricht----- Von: john@linuxlad.org [mailto:john@linuxlad.org] Gesendet: Dienstag, 17. Februar 2004 18:50 An: suse-security@lists.suse.com Betreff: RE: [suse-security] ID wwywxugwisi... thanks I agree that it's a dumb idea, but these virii don't know and don't care what the purpose of this list is. Someday some nitwit will stumble onto a piece of code that exploits an as-yet undiscovered flaw in one or more linux email clients, and we'll have a small disaster. It's just plain naive to think this will never happen. Perhaps later than sooner, but there is a lot more likelyhood that it will than it won't. Since it does no good to complain without offering a solution, here's an idea: Why not require all messages posted to this list to be signed with the users's gpg key? Building functionality into the list daemon to verify signatures would be easy task and would also help cut back on the spam that invades this list from time to time. Users can supply their public key at subscription time or it can be pulled from a keyserver when the users posts. It's really not a huge inconvenience... I'm signing this post to show how easy it is. Just my modest input... ...... -----BEGIN PGP SIGNATURE----- Version: CryptoEx OpenPGP Engine Version 2.1 Comment: KEBA CryptoEx Business Server - http://www.cryptoex.com iQA/AwUBQDMZ6X+RlK7Q2OA0EQI3vQCgyGBP/lHHXmh8uFLk/FT4T0QsyXgAoI/3 1jCOQq9scpF2z7jxcfkdiGkq =nGkF -----END PGP SIGNATURE-----