On Mon, Jan 4, 2010 at 12:32 AM, Craig L Russell <[email protected]> wrote: > Hi Peter, > > The only reason *not* to use 1.4.10 IMHO is if the generated artifacts > somehow are incompatible with other GPG programs out there.
unfortunately, some older programs are no longer secure after the SHA-1 breakage. you need to check that SHA is set to 512 (or 256) for signing and that both encrypt and sign keys are 4096 bit RSA (the older versions did not use RSA for both keys). - robert
