Re: Deskbar Applet, NewStuffManager, 2.16, Installing New Plug-Ins, AutoUpdate, etc.

[Adam Schreiber <sadam CLEMSON EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason D. Clinton wrote:
> On Wed, 2006-08-02 at 18:31 +0100, Mike Hearn wrote:
>> Is it really that hard to check a digital signature? I'd have thought
>> there'd be APIs in Python/C/Mono that make this trivial by now. And that's
>> all you have to do to protect against the "files are changed by evil
>> people" case.
> 
> gpg has well documented exit codes which can be suitably used for this.
> It's not high performance to invoke lots of sub-processes if you have a
> lot of files you are verifying, but it get's the job done.

Seahorse CVS HEAD contains a modification to how detached signatures are
verified in nautilus.  The new program is called seahorse-tool, moving
the functionality out of seahorse proper.  It could be modified if it
doesn't already return adequate exit codes.  It might also be possible
to add a VerifyFile D-Bus method that takes a URL and a buffer
containing the detached signature and returns a flag code.

Adam
- --
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
http://live.gnome.org/Seahorse
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE0PLMjU1oaHEI4wgRArZLAKDae3gPeyZiWs9mbSjnkbLvqcyurACgzj0c
PwzJT3hBr30gQjISpG54qmM=
=p0i4
-----END PGP SIGNATURE-----