-
In order to implement simple signature verification for `rustup` to an extent that we're confident that it's good to proceed to thinking more about trust models, we need:
* [x] Select an OpenPGP im…
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
============================================================================
Certificate
===========================================================…
-
### Context
- The full context can be found at [GHSA-76h5-j8cf-q8vj](https://github.com/nodejs/nodejs.org/security/advisories/GHSA-76h5-j8cf-q8vj) and [GHSA-jcj3-qxpv-gxm2](https://github.com/nodej…
-
Should the project have pgp or some type of .asc form of verifying the checksum file so that the verification of the .img has more than one layer of security and there is a lower likelihood of malware…
-
It would be great if a user could register a PGP public key in addition to a URL. Then she could post PGP-signed messages to an HTTP endpoint and still enjoy security. The client could verify the twtx…
-
If your bitaddress.org site was compromised, how would anyone know?
The signed message at https://www.bitaddress.org/pgpsignedmsg.txt is not worth anything unless we are sure it is signed with _your_…
-
Hello,
I am using Gradle 7.4 and dependencycheck 7.1.1
The verification failed for the POM
```xml
…
-
```
One artifact failed verification: gradle-git-version-3.0.0.pom (com.palantir.gradle.gitversion:gradle-git-version:3.0.0) from repository gradle
This can indicate that a dependency has been compr…
-
The signatures e.g. in https://repo1.maven.org/maven2/com/adobe/acs/acs-aem-commons/5.0.6/acs-aem-commons-5.0.6.pom.asc uses the PGP public key 0EF856D6DF1A0F63. I don't find the public key though on …
-
## What would you like to be able to do?
Right now there is only one way to prevent neomutt from trying to verify S/MIME signatures when using gpgme.
You need to set `set crypt_verify_sig=no` …