Re: [ANNOUNCE] experiemental dpkg available

To: Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: [ANNOUNCE] experiemental dpkg available
From: Hamish Moffatt <hamish@debian.org>
Date: Tue, 2 Nov 1999 10:16:38 +1100
Message-id: <19991102101638.B4091@rising.com.au>
Mail-followup-to: Debian Developers List <debian-devel@lists.debian.org>
In-reply-to: <19991101163656.A27894@studserv.stud.uni-hannover.de>; from Ingo Saitz on Mon, Nov 01, 1999 at 04:36:56PM +0100
References: <19991027233845.B228@lappy.djj.state.va.us> <9910280619.AA1215@ericw.user.bestnet.org> <19991028005953.O5741@kitenet.net> <19991101163656.A27894@studserv.stud.uni-hannover.de>

On Mon, Nov 01, 1999 at 04:36:56PM +0100, Ingo Saitz wrote:
> Well, I think this was just an example how it works. I think dpkg would
> read the passphrase from STDIN once and pipe it to a forked gpg process
> for every signature. *I* don't see where this should be insecure.

You can see process command line parameters in /proc/<fd>/cmdline.
OTOH, as long as you use the builtin echo it shouldn't show up there.


Hamish
-- 
Hamish Moffatt VK3SB. CCs of replies on mailing lists are welcome.

Reply to:

References:
- Re: [ANNOUNCE] experiemental dpkg available
  - From: Ingo Saitz <Ingo.Saitz@stud.uni-hannover.de>

Prev by Date: Re: ITP: Pth
Next by Date: Re: proftpd
Previous by thread: Re: [ANNOUNCE] experiemental dpkg available
Next by thread: Re: [ANNOUNCE] experiemental dpkg available
Index(es):
- Date
- Thread