Peter Eisentraut wrote: > The upstream maintainer of dirmngr (Werner Koch) has asked me to propose > dirmngr 1.0.2 for inclusion into lenny: > > """ > The last release is close > to a year old but we have always worked on the package and made it more > stable and added new features. Most work has been done as part of the > Windows port which is required for the Koloab port to Windows. we have > received numerous bug reports and fixed those as well as some other > annoying things. > > Given that only Kleopatra (the KDE certifciate mamanger) depends on > dirmngr I don't see any possible regression updating it even after the > Lenny freeze. In fact the Kleopatra development goes hand in hand with > the GnuPG and dirmngr development and thus I am pretty sure that 1.0.2 > is far better than 1.0.1. For the years to come with Lenny, it would be > really really good to have the this version in it. > > Some more facts: > > * The LOOKUP command does now also consults the local cache. New option > --cache-only for it and --local for dirmngr-client. > > This means that it will be much easier for administrators to convey > useful certifciates to their users. This works with GnuPG 2.0.9 - not > hard dependency but gnupg 2.0.9 uses this feature it if available > > * Improved certificate chain construction. > > This is actually a security fix. It was often not possible to verify > a the authenticity of some widely used CRLs due to the use of some > nin-common X.509 features. Thus people tended to disable CRL > checking. > > * Support loading of PEM encoded CRLs via HTTP. > > There are productive PKIs out there which really provide CRLs base64 > encoded - really stupid to do so but weel, we can make it work. > > * Many other bug fixes collected over a year. > """ > > Is this OK to upload?
121 files changed, 9950 insertions(+), 6728 deletions(-) Sorry, but this is too much to review, not unblocked. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
