From 470be533dd7d6e3a65a0da88d7dc9c7b997802ea Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 18 Jun 2003 04:13:35 +0000 Subject: [PATCH] * Document --set-notation. Explain why it is not possible to disable permission warnings in the gpg.conf file about the homedir. --- doc/ChangeLog | 6 ++++++ doc/gpg.sgml | 21 ++++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 6162611df..ba4da8bf9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2003-06-18 David Shaw + + * Document --set-notation. Explain why it is not possible to + disable permission warnings in the gpg.conf file about the + homedir. + 2003-05-21 David Shaw * gpg.sgml: Document --trustdb-name. Document --gnupg in a new diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 948406526..89589b616 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1420,7 +1420,7 @@ Force inclusion of the version string in ASCII armored output. --sig-notation &ParmNameValue; --cert-notation &ParmNameValue; --N, --notation-data &ParmNameValue; +-N, --set-notation &ParmNameValue; Put the name value pair into the signature as notation data. &ParmName; must consist only of printable characters or spaces, and @@ -1431,7 +1431,7 @@ encoded in UTF8, so you should check that your --charset is set correctly. If you prefix &ParmName; with an exclamation mark, the notation data will be flagged as critical (rfc2440:5.2.3.15). --sig-notation sets a notation for data signatures. --cert-notation -sets a notation for key signatures (certifications). --notation-data +sets a notation for key signatures (certifications). --set-notation sets both. @@ -1974,11 +1974,18 @@ Suppress the warning about "using insecure memory". --no-permission-warning -Suppress the warning about unsafe file permissions. Note that the -file permission checks that GnuPG performs are not intended to be -authoritative, rather they simply warn about certain common permission -problems. Do not assume that the lack of a warning means that your -system is secure. + +Suppress the warning about unsafe file and home directory (--homedir) +permissions. Note that the permission checks that GnuPG performs are +not intended to be authoritative, but rather they simply warn about +certain common permission problems. Do not assume that the lack of a +warning means that your system is secure. + +Note that the warning for unsafe --homedir permissions cannot be +supressed in the gpg.conf file, as this would allow an attacker to +place an unsafe gpg.conf file in place, and use this file to supress +warnings about itself. The --homedir permissions warning may only be +supressed on the command line.