On Mon, Jun 12, 2023 at 09:54:45PM +0200, Steffen Nurpmeso wrote:
> |No it isn't. Changing the subject and adding the footer is a damaging
> |anti-pattern from mid-nineties. If the end-user wants to filter mail, they can
> |do it based on the List-Id header or any other criteria. Lists
On Mon, Jun 12, 2023 at 06:45:37PM +0200, Alessandro Vesely via Gnupg-users
wrote:
> > What the list-software would need to do is to strip the original DKIM
> > signature
>
> Why? Original signatures can often be recovered. They shouldn't be removed
> anyway.
If list-software is doing
On Mon, Apr 17, 2023 at 03:22:42PM +0200, Werner Koch via Gnupg-users wrote:
> >> > gpg (GnuPG) 2.0.22
>
> That version reached end-of-life more than 5 years ago. Don't use it.
If you need a newer version of GnuPG for RHEL7 systems, you can install
gnupg24-static from this COPR:
On Wed, Jul 13, 2022 at 09:22:36AM -0400, Todd Zullinger via Gnupg-users wrote:
> > Maybe it helps to report the problem of missing crypto algorithms to your
> > GNU/Linux distribution.
>
> They aren't really missing but rather intentionally removed
> due to legal issues on Fedora/Red Hat. This
On Fri, Jul 08, 2022 at 11:07:36PM +0200, Ingo Klöcker wrote:
> > That key doesn't appear to be provided via
> > https://gnupg.org/signature_key.asc.
>
> Yes, it is.
>
> ```
> $ curl https://gnupg.org/signature_key.asc | gpg --import
> [...]
> gpg: key 549E695E905BA208: 1 signature not checked
On Wed, Jul 06, 2022 at 08:38:04PM +0200, Werner Koch via Gnupg-users wrote:
> Hi!
>
> This is a quick announcement that a new GnuPG release for 2.2 is
> available. We will also prepare a 2.3 release in the next days but due
> to summer holidays things are a bit delayed.
Hello:
I'm trying to
On Tue, May 31, 2022 at 12:17:05PM -0400, Todd Zullinger via Gnupg-users wrote:
> Hello again,
>
> I wrote:
> > Dirk Gottschalk via Gnupg-users wrote:
> >> A workaround for this is to download the SRPM, remove the
> >> line '--disable-brainpool' and rebuild the package.
> >
> > Ahh, excellent.
On Tue, Feb 15, 2022 at 12:32:50PM -0800, Dan Mahoney (Gushi) via Gnupg-users
wrote:
> Thus, using that as a prefetch method to grab the current version of our
> codesign@ key into our keyring is not helpful either, unless we "faked it"
> by attempting to encrypt a message to that address, then
On Tue, Jun 29, 2021 at 05:53:53PM +0200, Bernhard Reiter wrote:
> Am Dienstag 29 Juni 2021 14:44:39 schrieb Konstantin Ryabitsev via
> Gnupg-users:
> > With this change, they are replacing PGP with ed25519, but everything else
> > remains pretty much the same
>
> But O
On Tue, Jun 29, 2021 at 08:37:56AM +0200, Bernhard Reiter wrote:
> Am Sonntag 27 Juni 2021 18:56:15 schrieb Стефан Васильев via Gnupg-users:
> > maybe interesting for some of you.
> > https://wiki.debian.org/Teams/Apt/Spec/AptSign
>
> This does not have references on the problems it is claiming
On Thu, Jun 17, 2021 at 04:19:24PM +, Ajax via Gnupg-users wrote:
> > >> $ build-aux/getswdb.sh
> > >
> > > Which gave :
> > > ... No such file or directory
> >
> > $ tar tjvf gnupg-2.2.28.tar.bz2 | grep getswdb.sh
> > -rwxr-xr-x 1000/1000 4831 2021-05-21 07:35
> >
On Wed, Jun 16, 2021 at 04:29:32PM +, Ajax via Gnupg-users wrote:
> With gnupg-2.3.1
>
> make -f build-aux/speedo.mk native
>
> gives "download of swdb.lst failed"
>
> The above is on a Debian 10 buster box.
>
> I've not been able to find swdb.lst nor how to work without it; I'd be
>
On Tue, Jan 05, 2021 at 09:46:01AM -0500, Robert J. Hansen via Gnupg-users
wrote:
> On Tue, 2021-01-05 at 15:38 +0100, Werner Koch via Gnupg-users wrote:
> > Virtually nobody uses the WoT...
>
> Strangely, the Linux kernel folks still use it a decent amount.
> They're the only large group I can
On Tue, Jan 05, 2021 at 07:27:14AM -0500, Jean-David Beyer via Gnupg-users
wrote:
> Building a web of trust is so hopeless, from my point of view, that I have
> abandoned gnupg. I have made keys for myself, obtained enigmail for my
> Firefox browser, etc. But those with whom I correspond by
On Mon, Oct 05, 2020 at 05:37:57PM +0200, Stefan Claas wrote:
>
> Why I came up with this idea? Well I thought of a way to send private content
> digitally, without Internet usage, so that 3rd parties outside the EU have it
> difficult to intercept such messages, in order to protect EU
On Thu, Sep 03, 2020 at 06:44:35PM +0200, Werner Koch via Gnupg-users wrote:
> Hello!
>
> We are pleased to announce the availability of a new GnuPG release:
> version 2.2.23. This version fixes a *critical security bug* in
> versions 2.2.21 and 2.2.22.
For those using gnupg22-static on el7 via
On Tue, May 12, 2020 at 11:24:57AM +0200, Johan Wevers wrote:
> > For example, a 256 bit elliptic curve key has a similar strength to
> > a symmetric key of 128 bits.
>
> Until, of course, a working quantum computer with more than a few qubits
> is constructed.
Don't worry, there's literally
On Thu, Apr 30, 2020 at 11:07:11PM -0400, Barry Smith via Gnupg-users wrote:
> Let me continue by explaining some back up information for my
> question.
> - I am asking in terms of the latest standards implemented in distros and
> Windows .exe auto-install packages.
> - I am trying to create a
On Fri, Mar 20, 2020 at 11:35:34AM +, Andrew Gallagher wrote:
> (*) Yes, I have to use CentOS 7. Customer requirement. :-(
If using third-party repositories is an option for you, we package
gnupg22-static here:
https://copr.fedorainfracloud.org/coprs/icon/lfit/packages/
-K
On Fri, Jan 03, 2020 at 07:06:42PM +0100, john doe wrote:
> $ gpg -K
>
> -
> sec rsa4096 2020-01-03 [C] [expires: 2020-01-04]
> 3C5CFD620005347A62052A6B596CB80D30E8829D
> uid [ultimate] Firstname Lastname
> ssb rsa4096 2020-01-03 [S] [expires:
Hi, all:
I came across an interesting gpg failure while trying to build
git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage
attempts to verify the tarball signature using Junio's PGP key:
%prep
# Verify GPG signatures
gpghome="$(mktemp -qd)" # Ensure we don't use any
Hi, all:
I provide an RPM package called gnupg22-static for those who need to run
newer versions of GnuPG on CentOS-7 environments (it's stuck on
gnupg-2.0 there). For compilation, I use the convenient STATIC=1
mechanism, but there's still the problem that all paths end up being
hardcoded to
On Mon, Jul 01, 2019 at 06:41:41PM +0200, Werner Koch via Gnupg-users wrote:
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said:
- subkey changes
An expired key triggers a reload of the key via WKD or DANE. Modulo the
problems I mentioned in the former mail. For new subkeys we
On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote:
The problem with autocrypt are the cases where its security measures are
tested. There is no good way to interact with the users in those cases.
I know this is not part of its design goals, but it works against a
On Sun, Jun 30, 2019 at 03:49:55AM -0700, Mirimir via Gnupg-users wrote:
c) what happens when they go after more certificates?
If you're willing to blackhole two certs, great. Where does it stop?
How many certs can the strong set stand to lose?
Your third point is actually why I suggested
On Fri, Jun 14, 2019 at 05:25:05PM +0300, Teemu Likonen wrote:
The current shortcoming is stripping third-party signatures. So Web of
Trust wouldn't work (for good reasons described in the FAQ [0]). For
some people this may be surprising.
It may turn out to be a good choice to leave other
On Fri, Mar 08, 2019 at 08:05:53PM +0100, john doe wrote:
Hi,
I'm considering working on a project that has only for now a couple of
developers.
As part of that project everything that will be released will need to be
gpg signed.
What is the best way forward?
- One signing key accessible on
On Sun, Feb 17, 2019 at 08:23:38AM +0200, Teemu Likonen wrote:
gpg-graph
-
https://github.com/tlikonen/gpg-graph
This program parses "gpg --batch --no-tty --with-colons
--check-signatures -- [...]" and prints graph data for Graphviz for
drawing nice web of trust graphs.
$ gpg-graph
Hello:
I'm trying to package a static build of gnupg22 so I don't have to copy
things manually to each CentOS-7 system where I need ECC crypto support.
I'm using the following to build gnupg-2.2.8 inside the RPM:
make -f build-aux/speedo.mk STATIC=1 CUSTOM_SWDB=1 \
don't have to wait for
days before new signatures are reflected in the wotsap file.
Example usage (assuming you have Linus Torvalds' key in your keyring):
./make-sqlitedb.py
./graph-paths.py torvalds
eog graph.png
Best,
--
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux
is only needed to build from a non-released version.
> You don't need it with a released tarball.
Oh, nice, thanks for putting that in!
Best,
--
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation
ectly handle LD_LIBRARY_PATH bits.
> We want all users to be using the same version all of the time.
Is that for documentation purposes, or because you need features from
gnupg-2.2 that aren't in gnupg-2.0?
Best,
--
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation
Hi, all:
I am not sure if what I am experiencing is expected TOFU behaviour or
not, and I'm hoping someone can help me figure that out. I'll show on a
live example (skipping irrelevant output).
This is gnupg-2.2.4 on Fedora 26.
[user@disp1132 ~]$ export GNUPGHOME=$(mktemp -d)
33 matches