
                    Attention to users of Gnu arch

Are you currently using the signature checking features recently added
in tla 1.2pre0?

Alas, much to my embarassment, you need to change your .check rules.
The rules suggested by the previous HOWTO file create a small security 
bug.

Fortunately, this is very easy.   Here's a quote from the updated
HOWTO:

** Signature Checking Rules: ~/.arch-params/signing/$ARCHIVE.check

  Arch will _always_ verify checksums found in archives.
  Additionally, arch can be _configured_ to verify signatures found
  in archives.

  Signature checkins is enabled by creating a file:

        ~/.arch-params/signing/$ARCHIVE.check

  where $ARCHIVE is the name of an archive.   That file should
  again contain a single shell command, this time one which 
  reads a signed message on standard input and exits with 0 status
  for a valid signature, non-0 status for an invalid signature.

  Let's suppose that an archive is using a signing rule such as:

	agpg --clearsign

  The corresponding checking rule must verify the signature -- but
  must also verify that the signed file contains nothing else besides
  the signed data.

  An awk script has been included in the tla distribution for this
  purpose.  It's stored in ./src/tla/=gpg-check.awk and you can 
  install it on your path and making executable.

  I've installed my copy as `gpg-check' so the checking rule
  I use for my archive is:

	gpg-check gpg_command="gpg --verify-files -"


  It is an error to have a signature checking rule for an unsigned 
  archive.  If that error occurs, arch will refuse to read from 
  that archive.

  It is _not_ an error (but will generate a warning message) to _not_
  have a signature checking rule for an archive which is signed.

# arch-tag: Tom Lord Tue Oct  5 16:09:00 2004 (devo/=ARCH-USERS-README)
#
