[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-devel
Subject:    Re: [Announce] GnuPG 2.2.18 released
From:       ilf <ilf () zeromail ! org>
Date:       2019-11-30 7:00:27
Message-ID: 20191130070027.GA3555115 () zeromail ! org
[Download RAW message or body]

Thanks for the new release.

I run "gpg --check-trustdb --quiet" via cron, but now on every run it 
outputs:

> gpg: Note: third-party key signatures using the SHA1 algorithm 
> are rejected

man gpg(1) sais:

>      -q, --quiet
>                    Try to be as quiet as possible.

IMHO, gpg should not output that line when used with --quiet.

Best


Werner Koch via Gnupg-devel:
> This release also retires the use of SHA-1 key signatures created 
> since this year.

>  * gpg: Prepare against chosen-prefix SHA-1 collisions in key 
>    signatures.  This change removes all SHA-1 based key signature 
>    newer than 2019-01-19 from the web-of-trust.  Note that this 
>    includes all key signature created with dsa1024 keys.  The new 
>    option --allow-weak-key-signatues can be used to override the new 
>    and safer behaviour.  [#4755,CVE-2019-14855]

-- 
ilf

If you upload your address book to "the cloud", I don't want to be in it.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]