[Enigmail] Enigmail asks 2 times for passphrase
Alexander Dahl
post at lespocky.de
Thu Jan 8 01:15:29 PST 2009
Hi,
> But... if the are distributing the fixed version, shouldn't they mark
> them as fixed, somehow? Like marking it as 1.4.6.1 or something? I mean,
> if I check the version, I don't have any way to know if I am using the
> "good one" or the "unpatched one"... Or maybe there is a way to know it,
> but it's not easy to check...
I think it's a bad idea if the distributor changes the version number of
the upstream software. There is a package version number of the
.deb-Package. You can't see every change in this number (you have to
read the package changelog for that).
Ubuntu and the stable branch of Debian have certain package repositories
for packages with security fixes. It's up to you whether you trust your
distribution and the package maintainers. You can check their work be
reading the changelog. Or you don't trust them to apply every single
security patch and build the last released upstream version by yourself
or even build from the latest source. As long as you don't double check
the source code itself it's a question of whom you trust. The Debian and
Ubuntu projects are open, you'll get all information you want about
their packaging policies on the web. :-)
Greets
Alex
--
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
(Benjamin Franklin)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20090108/6976693c/attachment.bin>
More information about the Enigmail
mailing list