Re: Deskbar Applet, NewStuffManager, 2.16, Installing New Plug-Ins, AutoUpdate, etc.

Hash: SHA1

Jason D. Clinton wrote:
> On Wed, 2006-08-02 at 18:31 +0100, Mike Hearn wrote:
>> Is it really that hard to check a digital signature? I'd have thought
>> there'd be APIs in Python/C/Mono that make this trivial by now. And that's
>> all you have to do to protect against the "files are changed by evil
>> people" case.
> gpg has well documented exit codes which can be suitably used for this.
> It's not high performance to invoke lots of sub-processes if you have a
> lot of files you are verifying, but it get's the job done.

Seahorse CVS HEAD contains a modification to how detached signatures are
verified in nautilus.  The new program is called seahorse-tool, moving
the functionality out of seahorse proper.  It could be modified if it
doesn't already return adequate exit codes.  It might also be possible
to add a VerifyFile D-Bus method that takes a URL and a buffer
containing the detached signature and returns a flag code.

- --
Why isn't all of your email protected?
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]