From alpine-info at u.washington.edu Mon Apr 8 02:09:19 2024 From: alpine-info at u.washington.edu (Carl Edquist via Alpine-info) Date: Mon Apr 8 02:07:40 2024 Subject: [Alpine-info] PGP encryption in Alpine? Message-ID: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> Hi there! I'm curious if there is a recommended way to get PGP working with Alpine, to read and send PGP encrypted mails? Eduardo or anyone else here gotten this working? Just thought I'd ask here first before diving in. (I'll include my notes below for reference though.) Thanks! Carl A web search turned up a few guides on external sites ([1], [2], [3]). Restricting the search to the alpineapp.email site, there appears to be an old pgp patch [4] for pine 4.33 (which besides being quite old, apparently only supports decryption). And there is a reference to an even older patch from 1994 on an external newsgroup, listed under "Patches for Pine3.89" [5] (the oldest one) that claims to add encryption support. But these are pretty old, and I don't see anything referencing PGP on the main "Patches for Alpine" page [6]. [1] https://fedoraproject.org/wiki/Using_GPG_with_Alpine [2] https://pbraun.nethence.com/unix/mail/alpine-pgp.html [3] https://web.archive.org/web/20131221175352/http://www.hackorama.com/network/pgphowto.shtml [4] https://alpineapp.email/pine/info/pgp.html [5] https://alpineapp.email/pine/patches/others.html [6] https://alpineapp.email/alpine/index.html From alpine-info at u.washington.edu Mon Apr 8 04:09:01 2024 From: alpine-info at u.washington.edu (Olaf Skibbe via Alpine-info) Date: Mon Apr 8 04:09:15 2024 Subject: [Alpine-info] PGP encryption in Alpine? In-Reply-To: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> References: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> Message-ID: <07e94b19-d6b8-12de-66a3-321a8d83a07b@kravcenko.com> Hi Carl, On Mon, 8 Apr 2024 at 11:09, Carl Edquist via Alpine-info wrote: > I'm curious if there is a recommended way to get PGP working with > Alpine, to read and send PGP encrypted mails? > > Eduardo or anyone else here gotten this working? I use PGP in Alpine with Topal. This works well so far. https://green-pike.co.uk/topal/ I use both programs (Alpine and Topal) from the Debian sources. There is only one issue: As installed from the Debian sources, Topal works only for PGP/Inline. Most of the people I know using PGP use PGP/MIME. This seems to be the standard now, Thunderbird for instance has dropped support of PGP/Inline some time ago. It is a little complicated to decrypt these messages, especially when there are attachments included. There is a patch for Alpine described in the Topal documentation to make it capable of PGP/MIME. Since I use Alpine on several systems, I very much like to stick with the distributed version (here Debian stable with Alpine 2.26). I therefore never tried to install the patch. An native Alpine with support of PGP/MIME would be great! Cheers, Olaf From alpine-info at u.washington.edu Mon Apr 8 05:26:06 2024 From: alpine-info at u.washington.edu (Carlos E. R. via Alpine-info) Date: Mon Apr 8 05:26:14 2024 Subject: [Alpine-info] PGP encryption in Alpine? In-Reply-To: <07e94b19-d6b8-12de-66a3-321a8d83a07b@kravcenko.com> References: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> <07e94b19-d6b8-12de-66a3-321a8d83a07b@kravcenko.com> Message-ID: <7bc016de-300d-5e83-fa16-00c2355c4f4a@telefonica.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2024-04-08 a las 13:09 +0200, Olaf Skibbe via Alpine-info escribi?: > Hi Carl, > > On Mon, 8 Apr 2024 at 11:09, Carl Edquist via Alpine-info wrote: > >> I'm curious if there is a recommended way to get PGP working with >> Alpine, to read and send PGP encrypted mails? >> >> Eduardo or anyone else here gotten this working? > > I use PGP in Alpine with Topal. This works well so far. > > https://green-pike.co.uk/topal/ > > I use both programs (Alpine and Topal) from the Debian sources. I use ppf_ scripts or filters, from dougb (Douglas Barton): http://dougbarton.us/PGP/scripts/ppf/ and/or ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/dougb/ > > There is only one issue: As installed from the Debian sources, Topal > works only for PGP/Inline. > > Most of the people I know using PGP use PGP/MIME. This seems to be the > standard now, Thunderbird for instance has dropped support of > PGP/Inline some time ago. It is a little complicated to decrypt these > messages, especially when there are attachments included. Yes, this is indeed an issue. Alpine does not recognize signatures made by Thunderbird, and the other way around. In fact, people ask what is that stuff (text) in the middle of the email. > There is a patch for Alpine described in the Topal documentation to > make it capable of PGP/MIME. Since I use Alpine on several systems, I > very much like to stick with the distributed version (here Debian > stable with Alpine 2.26). I therefore never tried to install the > patch. An native Alpine with support of PGP/MIME would be great! Topal is available on openSUSE: Telcontar:~ # zypper info Topal ... Information for package topal: - ------------------------------ Repository : EXT: Packman Repository Name : topal Version : 76-150500.4.pm.5 Arch : x86_64 Vendor : http://packman.links2linux.de Installed Size : 2.1 MiB Installed : No Status : not installed Source package : topal-76-150500.4.pm.5.src Upstream URL : https://zircon.org.uk/topal/ Summary : A tool to encrypt, decrypt, sign and verify emails Description : Topal is a "glue" program that links GnuPG and Pine/Alpine. It offers facilities to encrypt, decrypt, sign and verify emails. Telcontar:~ # - -- Cheers, Carlos E. R. (from openSUSE 15.5 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZhPiXhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVPCYAnRm1tH+WErG7CuzHuQtY CnAYLWFNAJ9tKY6hez1aKxTvxpOFrWDozo+pPA== =PhZ2 -----END PGP SIGNATURE----- From alpine-info at u.washington.edu Tue Apr 9 11:29:21 2024 From: alpine-info at u.washington.edu (Carl Edquist via Alpine-info) Date: Tue Apr 9 11:29:37 2024 Subject: [Alpine-info] PGP encryption in Alpine? In-Reply-To: <7bc016de-300d-5e83-fa16-00c2355c4f4a@telefonica.net> References: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> <07e94b19-d6b8-12de-66a3-321a8d83a07b@kravcenko.com> <7bc016de-300d-5e83-fa16-00c2355c4f4a@telefonica.net> Message-ID: Thanks Olaf and Carlos for the recommendations (topal and ppf scripts). I'll give them a try! I run my own patched alpine as it is, so i don't mind patching it further if necessary to get the PGP/MIME support. Carl On Mon, Apr 8, 2024, 15:26 Carlos E. R. via Alpine-info < alpine-info@u.washington.edu> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > El 2024-04-08 a las 13:09 +0200, Olaf Skibbe via Alpine-info escribi?: > > > Hi Carl, > > > > On Mon, 8 Apr 2024 at 11:09, Carl Edquist via Alpine-info wrote: > > > >> I'm curious if there is a recommended way to get PGP working with > >> Alpine, to read and send PGP encrypted mails? > >> > >> Eduardo or anyone else here gotten this working? > > > > I use PGP in Alpine with Topal. This works well so far. > > > > https://green-pike.co.uk/topal/ > > > > I use both programs (Alpine and Topal) from the Debian sources. > > I use ppf_ scripts or filters, from dougb (Douglas Barton): > > > http://dougbarton.us/PGP/scripts/ppf/ and/or > ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/dougb/ > > > > > > There is only one issue: As installed from the Debian sources, Topal > > works only for PGP/Inline. > > > > Most of the people I know using PGP use PGP/MIME. This seems to be the > > standard now, Thunderbird for instance has dropped support of > > PGP/Inline some time ago. It is a little complicated to decrypt these > > messages, especially when there are attachments included. > > Yes, this is indeed an issue. > > Alpine does not recognize signatures made by Thunderbird, and the other > way around. In fact, people ask what is that stuff (text) in the middle of > the email. > > > > There is a patch for Alpine described in the Topal documentation to > > make it capable of PGP/MIME. Since I use Alpine on several systems, I > > very much like to stick with the distributed version (here Debian > > stable with Alpine 2.26). I therefore never tried to install the > > patch. An native Alpine with support of PGP/MIME would be great! > > Topal is available on openSUSE: > > Telcontar:~ # zypper info Topal > ... > > Information for package topal: > - ------------------------------ > Repository : EXT: Packman Repository > Name : topal > Version : 76-150500.4.pm.5 > Arch : x86_64 > Vendor : http://packman.links2linux.de > Installed Size : 2.1 MiB > Installed : No > Status : not installed > Source package : topal-76-150500.4.pm.5.src > Upstream URL : https://zircon.org.uk/topal/ > Summary : A tool to encrypt, decrypt, sign and verify emails > Description : > Topal is a "glue" program that links GnuPG and Pine/Alpine. > It offers facilities to encrypt, decrypt, sign and verify emails. > > Telcontar:~ # > > > > > - -- > Cheers, > Carlos E. R. > (from openSUSE 15.5 x86_64 at Telcontar) > > -----BEGIN PGP SIGNATURE----- > > iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZhPiXhwccm9iaW4ubGlz > dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVPCYAnRm1tH+WErG7CuzHuQtY > CnAYLWFNAJ9tKY6hez1aKxTvxpOFrWDozo+pPA== > =PhZ2 > -----END PGP SIGNATURE-----_______________________________________________ > Alpine-info mailing list > Alpine-info@u.washington.edu > http://mailman12.u.washington.edu/mailman/listinfo/alpine-info > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alpine-info at u.washington.edu Tue Apr 9 12:24:26 2024 From: alpine-info at u.washington.edu (Olaf Skibbe via Alpine-info) Date: Tue Apr 9 12:25:16 2024 Subject: [Alpine-info] PGP encryption in Alpine? In-Reply-To: References: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> <07e94b19-d6b8-12de-66a3-321a8d83a07b@kravcenko.com> <7bc016de-300d-5e83-fa16-00c2355c4f4a@telefonica.net> Message-ID: <7f2edf25-b197-fd51-7aa7-14ddccc99af2@kravcenko.com> On Tue, 9 Apr 2024 at 21:29, Carl Edquist wrote: > Thanks Olaf and Carlos for the recommendations (topal and ppf scripts). > > I'll give them a try! > > I run my own patched alpine as it is, so i don't mind patching it further > if necessary to get the PGP/MIME support. I'd be very interested in your results concerning the Topal patch. There is/was an issue with Alpine and Topal when the encrypted text contains special characters (like ??? etc.). In case you experience issues with this, I might be able to give some hints. Phil Brooke (Topal's author) helped with these problems some years ago (he was also subscribing this mailing list back then). All the best Olaf From alpine-info at u.washington.edu Wed Apr 10 06:50:12 2024 From: alpine-info at u.washington.edu (Adrian C. via Alpine-info) Date: Wed Apr 10 06:50:14 2024 Subject: [Alpine-info] PGP encryption in Alpine? In-Reply-To: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> References: <05306212-ca9c-9881-c904-ca9db04cdfb1@gmail.com> Message-ID: On Mon, 8 Apr 2024, Carl Edquist via Alpine-info wrote: > I'm curious if there is a recommended way to get PGP working with > Alpine, to read and send PGP encrypted mails? Inline is simple. For multipart I used it with Topal for over a decade sucesfully. Two Topal patches are applied to Alpine sources and then here's the shortest tutorial on what you actually need to use it (dos2unix, metamail...): https://sysphere.org/~anrxc/j/archives/2009/06/24/notes_on_alpine_and_gnupg/index.html However around 2021 with Alpine 2.24 it no longer worked as seemlessly as it used to when opening multipart messages. No longer was I seeing "Good signature" automatically displayed... I had to start exporting message to a file then running topal on it manually. I don't know what changed in Alpine back then, maybe it was fixed since. From alpine-info at u.washington.edu Wed Apr 10 14:18:30 2024 From: alpine-info at u.washington.edu (=?utf-8?B?ya8gdQ==?= via Alpine-info) Date: Wed Apr 10 14:18:37 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? Message-ID: Hi, I'm a long-time Pine/Alpine user and just noticed I'm mentioned on https://alpineapp.email/alpine/alpine-info/tips/ - thanks! :) After many years of using an old Alpine, I'm in the midst of installing Alpine 2.26 on one of my Windows devices. I downloaded alpine-2.26.zip from here: https://alpineapp.email/ I verified the checksum and now want to check the integrity with gpg, but I need some help. I don't know much about gpg, but I was able to use these instructions to verify the Mullvad Browser signature: Verifying Mullvad Browser signature https://mullvad.net/en/help/verifying-mullvad-browser-signature After doing that, I thought OK, now I can kind of use these instructions to verify alpine-2.26.zip. I downloaded Eduardo's GPG public key from: https://alpineapp.email/alpine/gpg/alpine.chappa@yandex.com.gpg But what do I do now? I'm thinking that I need a file named something like alpine-2.26.zip.asc? I'd appreciate any help. Thank you! Nancy https://www.ii.com/ From alpine-info at u.washington.edu Wed Apr 10 18:11:15 2024 From: alpine-info at u.washington.edu (Carlos E. R. via Alpine-info) Date: Wed Apr 10 18:11:22 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2024-04-10 at 21:18 -0000, ? u via Alpine-info wrote: > Hi, I'm a long-time Pine/Alpine user and just noticed I'm mentioned on > https://alpineapp.email/alpine/alpine-info/tips/ - thanks! :) > > After many years of using an old Alpine, I'm in the midst of installing > Alpine 2.26 on one of my Windows devices. I downloaded alpine-2.26.zip > from here: > > https://alpineapp.email/ > > I verified the checksum and now want to check the integrity with gpg, > but I need some help. I don't know much about gpg, but I was able to use > these instructions to verify the Mullvad Browser signature: > > Verifying Mullvad Browser signature > https://mullvad.net/en/help/verifying-mullvad-browser-signature > > After doing that, I thought OK, now I can kind of use these instructions > to verify alpine-2.26.zip. I downloaded Eduardo's GPG public key from: > > https://alpineapp.email/alpine/gpg/alpine.chappa@yandex.com.gpg > > But what do I do now? I'm thinking that I need a file named something > like alpine-2.26.zip.asc? I'd appreciate any help. At that page you can read: Source Code alpine-2.26.tar.xz MD5: 0943b31c476276e924b02afbfaf98392 SHA256: c0779c2be6c47d30554854a3e14ef5e36539502b331068851329275898a9baba GPG Signature: alpine-2.26.tar.xz.sig. You can verify the "alpine-2.26.tar.xz" file with the signature "alpine-2.26.tar.xz.sig" and Eduardo public key. cer@Telcontar:~/tmp/alpine> gpg --verify alpine-2.26.tar.xz.sig alpine-2.26.tar.xz gpg: Signature made 2022-06-03T02:14:17 CEST gpg: using RSA key 7BCC14640B206433AC2D511FBEB04EE9EA8259AD gpg: Can't check signature: No public key cer@Telcontar:~/tmp/alpine> cer@Telcontar:~/tmp/alpine> wget https://alpineapp.email/alpine/gpg/alpine.chappa@yandex.com.gpg - --2024-04-11 03:01:56-- https://alpineapp.email/alpine/gpg/alpine.chappa@yandex.com.gpg Resolving alpineapp.email (alpineapp.email)... 198.91.87.65 Connecting to alpineapp.email (alpineapp.email)|198.91.87.65|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 3984 (3,9K) [application/x-msdownload] Saving to: ?alpine.chappa@yandex.com.gpg? alpine.chappa@yandex.com.gpg 100%[=============================================>] 3,89K --.-KB/s in 0s 2024-04-11 03:01:57 (798 MB/s) - ?alpine.chappa@yandex.com.gpg? saved [3984/3984] cer@Telcontar:~/tmp/alpine> l total 7364 drwxr-xr-x 2 cer users 98 Apr 11 03:01 ./ drwxr-xr-x 158 cer users 8192 Apr 11 02:58 ../ - -rw-r--r-- 1 cer users 7517628 Jun 3 2022 alpine-2.26.tar.xz - -rw-r--r-- 1 cer users 566 Jun 3 2022 alpine-2.26.tar.xz.sig - -rw-r--r-- 1 cer users 3984 Jun 15 2022 alpine.chappa@yandex.com.gpg cer@Telcontar:~/tmp/alpine> cer@Telcontar:~/tmp/alpine> gpg --import alpine.chappa@yandex.com.gpg gpg: key BEB04EE9EA8259AD: "alpine.chappa@yandex.com" not changed gpg: Total number processed: 1 gpg: unchanged: 1 cer@Telcontar:~/tmp/alpine> gpg --verify alpine-2.26.tar.xz.sig alpine-2.26.tar.xz gpg: Signature made 2022-06-03T02:14:17 CEST gpg: using RSA key 7BCC14640B206433AC2D511FBEB04EE9EA8259AD gpg: Good signature from "alpine.chappa@yandex.com" [unknown] gpg: aka "Eduardo Chappa " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7BCC 1464 0B20 6433 AC2D 511F BEB0 4EE9 EA82 59AD cer@Telcontar:~/tmp/alpine> That's the procedure for verifying the sources (although there is a chain of trust problem in what I did). You can not gpg verify the windows binary because the signature is not published. - -- Cheers, Carlos E. R. (from openSUSE 15.5 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZhc4tBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVnuUAnj5hzEJnu2xAI4kFm7Hk 8J3lgb7MAJsEuhip3dQ3zLQM/S/YvYHlw8BMSw== =39Gg -----END PGP SIGNATURE----- From alpine-info at u.washington.edu Wed Apr 10 20:23:08 2024 From: alpine-info at u.washington.edu (Eduardo Chappa via Alpine-info) Date: Wed Apr 10 20:23:17 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: Hello Nancy, thank you for trying version 2.26. I do not normally post gpg signatures for windows binaries. This has to do with moving files between computers which leads to losing information (keys) and me not using gpg on a daily basis (so I am happy to regenerate keys as much as I need, when I need). I've been good about this in the last few years, so all is good at this time. I posted a signature for the windows binary at https://alpineapp.email/alpine/release/src/sig/windows-2.26.zip.sig I hope this helps you with your endeavors. Thank you. -- Eduardo From alpine-info at u.washington.edu Thu Apr 11 13:35:46 2024 From: alpine-info at u.washington.edu (NM Public via Alpine-info) Date: Thu Apr 11 13:36:01 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: Thank you very much Carlos. Your steps, especially the two steps quoted below worked for me (using Git Bash on Windows)! If I write about this on www.ii.com, do you mind if I include your steps in my article? I will of course give you credit and link to you - please send me a good link to use for you. Thanks! Nancy happy to be able to use PC-Alpine on this kind of new PC PS - this is the first non-test message I'm sending from PC-Alpine 2.26 :) On Thu, 11 Apr 2024, Carlos E. R. via Alpine-info wrote: > cer@Telcontar:~/tmp/alpine> gpg --import alpine.chappa@yandex.com.gpg gpg: > key BEB04EE9EA8259AD: "alpine.chappa@yandex.com" not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 > cer@Telcontar:~/tmp/alpine> gpg --verify alpine-2.26.tar.xz.sig > alpine-2.26.tar.xz > gpg: Signature made 2022-06-03T02:14:17 CEST > gpg: using RSA key 7BCC14640B206433AC2D511FBEB04EE9EA8259AD > gpg: Good signature from "alpine.chappa@yandex.com" [unknown] > gpg: aka "Eduardo Chappa " > [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 7BCC 1464 0B20 6433 AC2D 511F BEB0 4EE9 EA82 59AD > > > That's the procedure for verifying the sources (although there is a chain of > trust problem in what I did). You can not gpg verify the windows binary > because the signature is not published. From alpine-info at u.washington.edu Thu Apr 11 13:44:50 2024 From: alpine-info at u.washington.edu (NM Public via Alpine-info) Date: Thu Apr 11 13:46:25 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: Thank you Eduardo! I'm glad I was able to verify this download. I try to be security conscious, especially after the recent xz backdoor 😱 Good to be back in touch! Nancy On Thu, 11 Apr 2024, Eduardo Chappa via Alpine-info wrote: > Hello Nancy, > > thank you for trying version 2.26. I do not normally post gpg signatures > for windows binaries. This has to do with moving files between computers > which leads to losing information (keys) and me not using gpg on a daily > basis (so I am happy to regenerate keys as much as I need, when I need). I've > been good about this in the last few years, so all is good at this time. > > I posted a signature for the windows binary at > > https://alpineapp.email/alpine/release/src/sig/windows-2.26.zip.sig > > I hope this helps you with your endeavors. From alpine-info at u.washington.edu Thu Apr 11 15:29:10 2024 From: alpine-info at u.washington.edu (Carlos E. R. via Alpine-info) Date: Thu Apr 11 15:29:18 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: On 2024-04-11 22:35, NM Public via Alpine-info wrote: > Thank you very much Carlos. Your steps, especially the two steps quoted > below worked for me (using Git Bash on Windows)! > > If I write about this on www.ii.com, do you mind if I include your steps > in my article? I will of course give you credit and link to you - please > send me a good link to use for you. Just mention that you were helped in this mail list :-) I mentioned that my steps have an issue, namely that I got the three files from the same source, so the verification is actually moot. The public key has to be obtained independently, and verified with a chain of trust. Basically, signed by someone who knows Eduardo in person, or signed by someone who knows someone and both signed one another, etc. Which is hardly ever possible. There must be hundreds of howtos and documents explaining these issues out there. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar) -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 209 bytes Desc: OpenPGP digital signature URL: From alpine-info at u.washington.edu Thu Apr 11 23:46:04 2024 From: alpine-info at u.washington.edu (Eduardo Chappa via Alpine-info) Date: Thu Apr 11 23:46:15 2024 Subject: [Alpine-info] How do I use gpg to verify alpine-2.26.zip? In-Reply-To: References: Message-ID: <807d78b8-f67c-9875-6f17-a44296e52338@yandex.com> On Thu, 11 Apr 2024, NM Public via Alpine-info wrote: > Thank you Eduardo! I'm glad I was able to verify this download. I try to > be security conscious, especially after the recent xz backdoor > ?????? > > Good to be back in touch! Thank you Nancy for the information on the xz utils issue. It is very useful. I am glad to see you back, and I look forward to reading your posts in the future. -- Eduardo