Wireshark-dev: Re: [Wireshark-dev] GPG signature for the downloads: 404
From: "Robin Munn" <rmunn@xxxxxxxxx>
Date: Fri, 1 Sep 2006 23:20:06 +0100
On 9/1/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
On Fri, Sep 01, 2006 at 03:30:19PM +0100, Robin Munn wrote:
> http://www.wireshark.org/download.html points to a signatures file at
> http://www.wireshark.org/download/SIGNATURES-0.99.3.txt, but that URL
> is 404-compliant. Nor could I find the signatures file anywhere in the
> http://www.wireshark.org/download/ tree.
>
> On that subject, it would also be nice to get the gerald@xxxxxxxxxxxxx
> GPG key signed by a few other (well-known) keys, to eliminate the
> possibility of someone inserting Trojaned binaries onto the
> wireshark.org site with a corresponding self-signed but fake
> "gerald@xxxxxxxxxxxxx" GPG key to go along with them.
>
> Thanks, BTW, for making Ethereal/Wireshark such a useful tool. There
> have been several times when it's saved me *hours* of headscratching
> over some network problem. Now it's the first thing I fire up when I
> want to troubleshoot any kind of weird network behavior. Congrats on
> making such an excellent tool!

Gerald is (mostly) offline for the next week or so. Please open a bug
for this at bugs.wireshark.org, to make sure the idea doesn't get lost.

Done: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1086

(That's the get-the-GPG-key-signed idea; since the signatures file has
already been moved into the proper place, I won't bother opening a bug
on that one.)

--
Robin Munn
rmunn@xxxxxxxxx
GPG key 0xD6497014