Hi,
I was urged to send you the following information. I noticed CERT and tale
itself. But tale claims that the problem is not a problem of pgpverify, it's
a problem of some krauts trying to send checkgroups monthly using a bot.
The checkgroups mentioned were send since a year. They do not include Date:
and Message-ID: because these values were not predictable by the human
signer and the bot does not know the passphrase to work with.
In consequence there are checkgroups out there which can be resend at any
time causing a lot of trouble, because the signature is still valid even if
a new Message-ID: and Date: line are used.
The obvious fix is to modify pgpverify to block such control messages.
ftp://ftp.iks-jena.de/pub/mitarb/lutz/ contains the necessary fixes.
HTH
--+w/mQv8wyuph6w05
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3in
iQCiAwUBNDzd7pFeTizbCJMJAQHtewRnSzHzJkxfvtUVtaaOtnsS0jAQBhHPZO4p
ztMCLSkqj93EVTbJSpeKmhJ7EMrSDEgZ0dHOR9n8B+ysaB3mDQ9e9ESwFyMPQMgQ
x60x/AQgAVE516S1FKU8Se/4iia2X0Pa5TL85v+CK7hBvbcAyRBIKoEKR9KygM/f
W7w8Ol5tE1f9MveyeWscA+Juy3in
=ZzIE
-----END PGP SIGNATURE-----
--+w/mQv8wyuph6w05--