On 11/13/14 9:22 AM, Daniel Kahn Gillmor wrote:
| On 11/13/2014 07:01 AM, Werner Koch wrote:
|> gpg: Make the use of "--verify FILE" for detached sigs harder.
|
| thanks for doing this, Werner.
|
|> Now waiting which tools or scripts will break. I checked a few
|> (including dpkg) and they do the Right Thing.
|
| i'm glad to hear this.
|
|> Shall this be ported to 2.0 and 1.4 and fixes released? I guess
|> yes.
|
| yes, please. This is an important security hardening, and it
| shouldn't depend on which branch people are using.
|
| If people have tools that break because of this change, those tools
| were probably vulnerable to even worse breakage (silent breakage
| where things they thought were validated weren't actually
| validated), so this is a valuable fix, even if there's short-term
| difficulty.

+1 to all of dkg's points.