Attack costs

2017-10-10 Thread listo factor via Gnupg-users

> Firstly, I think it's really easy to get carried away here with
> security measures one probably doesn't really need.  If you do have a
> need for air-gapped computers then you also have a need for a lot of
> other security measures.
>
> 1) How good are the locks on the doors to your house?
> 2) What about your windows?
>
> (...)
>
> Just my opinion and it's not meant as criticism just as "food for thought"


Well, here goes:

A competent adversary can spend $100K to develop and deploy a software 
tool that will compromise computers of one thousand of its opponents. 
Thus the cost per compromised computer is $100.- If it costs $1000.- per 
opponent to send an operative (or, more likely, a team of operatives) to 
physically enter the computer location in order to compromise it, the 
total cost to the attacker is one million.


The numbers are, obviously, for illustrative purposes only. But my 
thought is this: when it comes to mass surveillance, over-the-net 
attacks may indeed be of significantly greater concern than physical 
attacks.


(Another, perhaps tangential, thought: in the era of mass surveillance, 
money is the principal limiting factor for a whole class of large 
institutional attackers - both ethical and legal limitations are long gone).


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: FAQ and GNU

2017-10-10 Thread Werner Koch
On Tue, 10 Oct 2017 04:06, r...@sixdemonbag.org said:
> A request has been made that each instance of "Linux" in the FAQ be
> replaced with "GNU/Linux".

Some distros call themselves "Foo GNU/Linux" and if the part of the FAQ
is about this specific distro, you should call it this way.  However in
most cases "Linux" describes the environment well enough and there is no
need to confuse people.

I'd say, keep it as it is.


Shalom-Salam,

   Werner



p.s.
Remember: “Nobody expects the Free Software Police.”

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Peter Lebbing
Let me start off by saying security is almost never absolute. I think it
approaches some really basic economics: how much do you think your
opponent is willing to spend to compromise your security? How much are
you willing to spend to protect it?

So there is no silver bullet. It depends on your threat model.

On 10/10/17 03:57, Robert J. Hansen wrote:
> The point of using the
> old photoreceptor was that way we were dead certain there was no
> exploitable integrated circuit in the photoreceptor...

I don't really see the point of purposely reducing the bitrate of a
serial link.

The online system on one end of the link is potentially hostile. It can
still be hostile through a completely bona fide serial link. It would be
indistinguishable from a hostile integrated circuit on the online system
side of the link.

I don't consider it likely that the offline computer would just start
interpreting stuff sent over a serial port; there would be no software
running trying to make something of the data and accidentally expose an
arbitrary code execution through a flaw.

Instead, there would just be a data transfer utility, let's say zmodem,
which would be simple enough to audit and write in an extremely
defensive manner.

If you need to get data out of the offline system, you still need a wire
back. If not, you can cut it.

If I were making custom hardware, I'd do something like this:

An ARM microcontroller with USB-device port. Connected to, ah, let's say
two 20 MHz SPI links. Connected to a second identical ARM
microcontroller with USB-device port. It would just offer a basic
USB-to-serial interface to the connected PC. But instead of an actual
regular serial interface, it would transfer all data bytes over the SPI
links. The firmware of the microcontroller would be so straight-forward
that you can clearly see that it will never do anything other with data
on the SPI bus than relay it to the USB side.

Pick a high-performance microcontroller, and you could get a 40 Mbit/s
serial line. If the microcontroller connected to the online system were
compromised, it could still not do anything more than send plain data
bytes to the other, trusted, offline side. It can't do more than a
compromised online computer could already achieve.

> Yep, they are.  Seen them myself in the malware lab.  No further comment
> available, as I'm bound by NDA-of-doom.

Thanks a lot for sharing what you are allowed to divulge! I really think
it's great you chose to do that. Thanks.

> If you think about it for a while I'm
> pretty sure you'll figure out how, but I unfortunately cannot connect
> the dots for you.

I wrote a quick short e-mail with food for thought, there is so much
detail I left out.

The first thing I can think of relates directly to left out detail. If
there is a bug in a filesystem driver you have enabled, it's possible
that a manipulated filesystem could trigger arbitrary code execution,
with kernel privileges. This would be possible with any piece of
hardware that the kernel can treat as a block device, not just SD cards.

So you would need to configure your system in such a way that it never
*tries* to scan any new block devices you connect to the system after it
has booted[1]. This is where I don't think that you can ever be sure
what Windows all does when removable storage is connected. Yet with a
basic Linux or BSD system, it's much better possible to locate
functionality that tries to scan removable storage.

So you disable all removable storage scanning and just use an
incremental tar archive directly on the block device to transfer your
debian-security mirror and your encrypted/signed files. Again there is
an attack surface, the tar program, but it is greatly reduced.

The thing with evil USB is that there are so many device drivers with so
many different functions, and any one of them can become active and
start communicating with your compromised USB device. With an SD card,
at least you can reduce it to something like the driver for SD storage
(probably a good idea to remove SDIO drivers), the block layer, the
partition table parsers (don't think you'll be able to lose those), and
some more stuff. Interestingly, with (U)EFI, it's also possible there is
still some firmware actually active during operation.

Note that it's not enough to just actually *use* a plain tar archive
directly on a block device. You need to make sure that your offline
system will never *try* to interpret it differently. It's not how you
use it, it's how it *can* be used. I see people sometimes forgetting
this important distinction. Even if /you/ don't place a plain,
unencrypted filesystem on the block device, your attacker could still do
that anyway.

> Yep!  Been done.  SATA firmware has been exploited via the JTAG
> interface, new firmware loaded onto it, and been used as a vector.

In fact, a good friend of mine did this and did a fantastic talk about
it at the OHM2013 hackers camp:



He went a
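
Peter Lebbing's message above moves data as a plain tar archive written straight to the block device and notes that the tar reader is the attack surface that remains on the offline side. The following is an added example, not code from the thread: a Python reader that treats the device as an uncompressed forward-only stream and copies out only regular files with relative paths. The function names, the size limits and the `sdX.img` stand-in for a real device node are assumptions, and the sample archive is constructed.

```python
import io
import os
import tarfile
import tempfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed per-file ceiling, tune to your transfers
MAX_MEMBERS = 10_000                 # assumed ceiling on entries per archive


def is_safe_name(name):
    """Relative path only: no leading '/', no empty, '.' or '..' components."""
    if not name or "\x00" in name or "\\" in name:
        return False
    return all(part not in ("", ".", "..") for part in name.split("/"))


def import_from_device(device_path, dest_dir):
    """Copy regular files out of a raw tar stream; return (accepted, rejected)."""
    accepted, rejected = [], []
    dest_real = os.path.realpath(dest_dir)
    # Mode "r|" reads an uncompressed, forward-only stream: nothing seeks on the
    # device and the untrusted content can never select a decompressor.
    with open(device_path, "rb") as dev, tarfile.open(fileobj=dev, mode="r|") as tar:
        for count, member in enumerate(tar, start=1):
            if count > MAX_MEMBERS:
                raise ValueError("archive has too many members")
            if member.isdir():
                continue  # directories are created on demand for accepted files
            if (not member.isreg() or not is_safe_name(member.name)
                    or member.size > MAX_MEMBER_BYTES):
                rejected.append(member.name)  # links, devices, FIFOs, bad paths
                continue
            parent = os.path.dirname(os.path.join(dest_real, member.name))
            # Defence in depth: the resolved parent must stay below dest_dir.
            if os.path.commonpath([dest_real, os.path.realpath(parent)]) != dest_real:
                rejected.append(member.name)
                continue
            target = os.path.join(parent, os.path.basename(member.name))
            flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
            try:
                os.makedirs(parent, exist_ok=True)
                fd = os.open(target, flags, 0o600)  # never overwrite, never follow
            except OSError:
                rejected.append(member.name)  # duplicate entry or file-as-directory
                continue
            src = tar.extractfile(member)
            with os.fdopen(fd, "wb") as out:
                remaining = member.size
                while remaining:
                    chunk = src.read(min(65536, remaining))
                    if not chunk:
                        raise ValueError("archive truncated inside " + member.name)
                    out.write(chunk)
                    remaining -= len(chunk)
            accepted.append(member.name)
    return accepted, rejected


def build_sample_device(path):
    """Constructed sample: a tar stream followed by zero padding, standing in
    for a block device that is larger than the archive written to it."""
    def add(tar, name, data=b"", kind=tarfile.REGTYPE, linkname=""):
        info = tarfile.TarInfo(name)
        info.type, info.linkname, info.size = kind, linkname, len(data)
        tar.addfile(info, io.BytesIO(data))

    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        add(tar, "inbox/message.asc", b"-----BEGIN PGP MESSAGE-----\n")
        add(tar, "../escape.txt", b"x")          # parent-directory component
        add(tar, "/abs/path.txt", b"x")          # absolute path
        add(tar, "inbox/link", kind=tarfile.SYMTYPE, linkname="message.asc")
        add(tar, "inbox/node", kind=tarfile.CHRTYPE)
    with open(path, "wb") as dev:
        dev.write(buf.getvalue() + b"\0" * 4096)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        device = os.path.join(tmp, "sdX.img")  # stand-in for the real device node
        build_sample_device(device)
        incoming = os.path.join(tmp, "incoming")
        os.mkdir(incoming)
        print(import_from_device(device, incoming))
```

A reader like this does not remove the need to keep the offline kernel from probing the device for partitions or filesystems; it only narrows what the userspace side will accept.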

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Pete Stephenson
On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote:
> I read once here on the Mailing List that one should only use
> trusted USB devices, whatever that means, when using an USB
> device.

If you must use USB devices for some reason, take a look at the

flash drive.

It's designed specifically to protect against "badUSB", where the
controller and firmware can be compromised. The controller has the
developer's public key baked in during manufacture. The firmware is
signed and can only be loaded once (no provision is made for
in-the-field firmware updates). The controller verifies the firmware and
its signature at every power-on. If a malicious actor had physical
access and re-flashed the firmware, the controller would notice and fail
to load.

It also has a physical write-protect switch that can prevent unwanted
writes.

It's a plain flash drive and doesn't have built-in encryption (though
the company sells those too) but it should have a higher assurance of
not being compromised or compromisable at the hardware level than a
typical off-the-shelf USB device.

I use it with my offline Raspberry Pi 2 that I use for private key
operations for my primary keys (as opposed to subkeys, which are on
smartcards). The Pi 2 uses LUKS for encrypting the microSD card it uses
for storage and is never connected to the network. It's more than
adequate in terms of performance and is cheap enough that I have a bunch
lying around the house anyway. ;)

Cheers!
-Pete

-- 
Pete Stephenson



Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Peter Lebbing
On 09/10/17 21:14, Stefan Claas wrote:
> So i thought maybe i buy one, let's say with Windows 10, never update
> or upgrade it due to it's permanent offline state

Whether I would consider this sane or not depends a lot on the type of
data you'll be handling on the offline machine. If it's just checking
signatures on plain text, it sounds somewhat reasonable though I would
never consider Windows 10 for it. You don't know all the ways in which
it is trying to be user-friendly by interpreting data. So for all I know
even a short file stored as .txt might be checked to see if perhaps it
can be interpreted as an icon to show in the file manager. Add a buffer
overflow in the icon image parser, and you have an attack vector. At
least with free software, you can inspect the way it works, and probably
isolate all the services that are trying too hard to be helpful.

If, on the other hand, you are using rich file formats like images or
marked up documents, it sounds like a really bad idea to not patch
security vulnerabilities.

Same for Certificate Requests you are going to sign with an X.509
Certificate Authority on the offline system. A much too rich format
(ASN.1!) to not update security issues, but it would be a very common
use case for an offline system.

It would be really helpful if all you needed to transfer to the offline
system were secure data rather than software updates. But if that secure
data is anything more than trivial, I think you really do need updates,
unfortunately.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: FAQ and GNU

2017-10-10 Thread Peter Lebbing
On 10/10/17 04:06, Robert J. Hansen wrote:
> I'm not inclined to make this change.

That to me means I would support leaving it as is. I don't feel strongly
on writing it one way or another, but I do dislike the pressure some
people exert on others pushing their view. If however you are
consistently writing "Microsoft Windows®" everywhere in the FAQ, I'd
find it natural to write "GNU/Linux" as well.

I think you should pick your fights. That means I think people shouldn't
be pushing others to include GNU/. It also means I would soon capitulate
and just give them their way, changing it to GNU/Linux. It's just not
worth it. Luckily, I've yet to see people pushing to drop the GNU/ :-).

> If anyone has strong feelings on it one way or another, chime in.

I'm chiming in to say I don't have strong feelings :-D.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: FAQ and GNU

2017-10-10 Thread Shawn K. Quinn
On 10/10/2017 01:46 AM, Robert J. Hansen wrote:
>> However, if the GnuPG FAQ is talking about an operating system built
>> from the Linux kernel and the GNU userland (coreutils, libc, etc), then
>> "GNU/Linux" is not only the respectful term to use, it's the more
>> accurate and precise term.
> 
> I disagree.  It's a more political term.

There is nothing political about giving proper credit to the GNU Project
for the operating system (the software which Linux, the kernel, boots
into in order to provide a useful system).

> With respect to specific distros, we ought use the name the distro
> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly.  It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

I will happily refer to, for example, Ubuntu GNU/Linux since there is
clearly a GNU userland surrounding Linux, the kernel. I feel wrong doing
otherwise.

> When speaking generically about operating systems using the Linux
> kernel, there it seems GNU is also inappropriate.  GNU is not an
> inseparable part of Linux; we should not promulgate the myth they are.

I agree that it is possible to use other userlands (BSD derivatives, or
whatever Android is) with Linux, the kernel. However, the vast majority
of so-called "Linux distributions" in fact rely on GNU software (most
notably GNU coreutils and GNU libc) to function.

> In the FAQ, wherever "Linux" is used as a generic descriptor it is in a
> context where the presence of GNU utilities is irrelevant.  Example:
> "there is no single, consistent way to install GnuPG on Linux systems."

s/on Linux systems/on systems which boot using Linux, the kernel/

-- 
Shawn K. Quinn 
http://www.rantroulette.com
http://www.skqrecordquest.com





Re: FAQ and GNU

2017-10-10 Thread ankostis
On 10 October 2017 at 08:46, Robert J. Hansen  wrote:
> ...
> In the FAQ, wherever "Linux" is used as a generic descriptor it is in a
> context where the presence of GNU utilities is irrelevant.  Example:
> "there is no single, consistent way to install GnuPG on Linux systems."
> The truth/validity of that statement is in no way dependent on whether
> one's talking about a system that uses the GNU userland or the BSD userland.

Is there Linux with BSD userland?



gnupg on read-only filesystem

2017-10-10 Thread Fourhundred Thecat
Hello,

I am using gnupg 2.1.18-6 on Debian Stretch.

My root partition (/) is mounted read-only and I cannot use gpg as root,
because gpg wants to start gpg-agent and write to /root/.gnupg/

ie:

  gpg -d file.gpg

  gpg: error creating keybox '/root/.gnupg/pubring.kbx': Read-only file
system
  gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
  gpg: can't connect to the agent: IPC connect call failed
  gpg: problem with the agent: No agent running
  gpg: decryption failed: No secret key

With gpg version 1, I could use --lock-never and --no-use-agent and it
worked on read-only filesystem.

How can I use gpg version 2 on read-only filesystem and without agent ?

thanks,



Re: PGP for official documents / eIDAS and ZertES

2017-10-10 Thread ankostis
But it doesn't have to be XML!
Besides ETSI, the European organization implementing eIDAS has 3 "standards"
(e.g. [1]):
XADES(XML), PADES (pdf), CADES - the last one doubting if it has any modern use.

Why not push them for a new PGPADES standard?

Best,
  Kostis

[1] https://blogs.adobe.com/security/91014620_eusig_wp_ue.pdf

On 2 June 2017 at 22:37, Ben McGinnes  wrote:
> On Fri, Jun 02, 2017 at 09:39:51PM +0200, Werner Koch wrote:
>> On Wed, 31 May 2017 19:34, ankos...@gmail.com said:
>>
>> |  >>I have some questions related to XML-Dsig:
>> |  >
>> |  >Argghh!! Run away!
>> |
>> |  A near-universal reaction.
>>
>> XML crypto can be summarized as
>> we-repeat-all-bugs-the-other-two-protocols-meanwhile-fixed-and-add-extra-complexity-for-even-more-fun
>> See also 
>
> I like XML, it's very good at what it was originally intended for.  I
> like crypto, and specifically OpenPGP, too and for much the same
> reasons ...
>
> I am *not*, however, crazy enough to even consider attempting this.
> That way lies only madness and ruin.  Or, to put it another way, I
> listened to Peter the first time around.  ;)
>
>> ps. I already have my share of grey hair from implementing X.509/CMS.
>> There is not enough left for an XML crypto endeavor.
>
> Mine's not expendable either and I didn't need to go anywhere near
> X.509 to know that.
>
> The closest anyone should get to that sort of thing is "I have foo.xml
> and I've signed it, I now also have foo.xml.sig" and that's it.
>
>
> Regards,
> Ben
>
> P.S.  You heard me say "no" right?  Just checking ...



Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Nils Vogels
On 10 Oct 2017 4:06 am, "Robert J. Hansen"  wrote:
>> I do know about subverting SATA harddisks, but haven't heard about it
>> actually being used, unlike USB. SATA sounds reasonable as well.
> Yep!  Been done.  SATA firmware has been exploited via the JTAG
> interface, new firmware loaded onto it, and been used as a vector.

And this has been documented quite well, and is quite doable to repeat.

http://spritesmods.com/?art=hddhack


Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas

On 10.10.2017 at 04:51, Duane Whitty wrote:

> I find this topic quite interesting so if I may comment a little more...
>
> Firstly, I think it's really easy to get carried away here with
> security measures one probably doesn't really need.  If you do have a
> need for air-gapped computers then you also have a need for a lot of
> other security measures.
>
> 1) How good are the locks on the doors to your house?
> 2) What about your windows?
> 3) What about fire protection?
> 4) What about data backups?
> 5) Do you have a policy and mechanism in place for how long you keep data?
> 6) How about backup security, both on-site and off-site?
> 7) What mechanism will you use for media destruction when your policy
> indicates you don't need certain data any longer?
> 8) How are you protecting your public/private keys?
> 9)...
>
> I could continue to go on but maybe I'm getting carried away here.
> The point I'm trying to make is that if there are lots of attack
> vectors and just focusing on where you encrypt/decrypt messages
> doesn't necessarily make you that much more protected.
>
> Just my opinion and it's not meant as criticism just as "food for thought"



Thanks for your reply and the points you have outlined!

I do find this topic interesting as well, hence why i started it. :-)

My thread model is not as high as of other peoples,  i assume.

I came up with this idea while reading about black/red boxes computers,
which act as online/offline computers. And i recently discovered Neal
Walfield's "An Advanced Introduction to GnuPG". At page 42 of his .pdf
he speaks of offline computers as well.

https://begriffs.com/pdf/an-advanced-introduction-to-gnupg.pdf

Even if i'm maybe now on the radar of some folks and i could have no
chance to properly secure my PGP communications in the future,
at least this discussion may help the interested reader how to use
GnuPG in the future, in a more secured way.

Best regards
Stefan




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas

On 10.10.2017 at 09:26, Pete Stephenson wrote:

> On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote:
>> I read once here on the Mailing List that one should only use
>> trusted USB devices, whatever that means, when using an USB
>> device.
>
> If you must use USB devices for some reason, take a look at the
>
> flash drive.


Thanks a lot for the information, much appreciated!

Best regards
Stefan




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas



On 10.10.2017 at 13:59, Stefan Claas wrote:

> I came up with this idea while reading about black/red boxes computers,
> which act as online/offline computers. And i recently discovered Neal
> Walfield's "An Advanced Introduction to GnuPG". At page 42 of his .pdf
> he speaks of offline computers as well.
>
> https://begriffs.com/pdf/an-advanced-introduction-to-gnupg.pdf



Apologies, here is the complete page link:

https://begriffs.com/posts/2016-11-05-advanced-intro-gnupg.html

Regards
Stefan




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas

On 10.10.2017 at 11:22, Peter Lebbing wrote:

> On 09/10/17 21:14, Stefan Claas wrote:
>> So i thought maybe i buy one, let's say with Windows 10, never update
>> or upgrade it due to it's permanent offline state
>
> Whether I would consider this sane or not depends a lot on the type of
> data you'll be handling on the offline machine. If it's just checking
> signatures on plain text, it sounds somewhat reasonable though I would
> never consider Windows 10 for it. You don't know all the ways in which
> it is trying to be user-friendly by interpreting data. So for all I know
> even a short file stored as .txt might be checked to see if perhaps it
> can be interpreted as an icon to show in the file manager. Add a buffer
> overflow in the icon image parser, and you have an attack vector. At
> least with free software, you can inspect the way it works, and probably
> isolate all the services that are trying too hard to be helpful.
>
> If, on the other hand, you are using rich file formats like images or
> marked up documents, it sounds like a really bad idea to not patch
> security vulnerabilities.
>
> Same for Certificate Requests you are going to sign with an X.509
> Certificate Authority on the offline system. A much too rich format
> (ASN.1!) to not update security issues, but it would be a very common
> use case for an offline system.
>
> It would be really helpful if all you needed to transfer to the offline
> system were secure data rather than software updates. But if that secure
> data is anything more than trivial, I think you really do need updates,
> unfortunately.



Thanks for your detailed explanation!

The only purpose i will use this offline Netbook for is to
encrypt/decrypt and sign/verify messages. Nothing more. O.k. and write
messages in notepad.

Regards
Stefan



Is there some writeable memory on the OpenPGP-card

2017-10-10 Thread Matthias Apitz

Hello,

I often switch at work with my OpenPGP-card among the workstations I'm
using. Some of them do not have (for security reasons) any network connection
between and it would be nice transfer some small files together with the
USB OpenPGP-card. Is there some memory for read/write on them, maybe
with some commands of the card daemon?

Thanks

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas

On 10.10.2017 at 13:59, Stefan Claas wrote:

> My thread model is not as high as of other peoples,  i assume.


threat model of course...

Regards
Stefan




Re: Is there some writeable memory on the OpenPGP-card

2017-10-10 Thread Damien Goutte-Gattat

On 10/10/2017 01:38 PM, Matthias Apitz wrote:

> it would be nice transfer some small files together with the
> USB OpenPGP-card. Is there some memory for read/write on them, maybe
> with some commands of the card daemon?


The OpenPGP Card specification defines "Private Use Data Objects" that 
you may use to store arbitrary data.


You can write to those DO using the "privatedo" command of the GnuPG's 
card editor. For example, to send the contents of the test1.txt file to 
the private DO #1:


  $ gpg --card-edit

  gpg/card> privatedo 1 < test1.txt

Caveats to be aware of:

* In versions 2.0 and 2.1 of the OpenPGP Card specification, private DOs 
are limited in size to 254 bytes each. (In version 3, there is no upper 
limit fixed in the specification.)


* Private DOs are optional and not all implementations support them. 
(Yubico's Yubikey NEO does not, for example).


Damien





Re: FAQ and GNU

2017-10-10 Thread charlie derr
On 10/09/2017 11:20 PM, Francesco Ariis wrote:
> Hello Robert,
>
> On Mon, Oct 09, 2017 at 10:06:17PM -0400, Robert J. Hansen wrote:
>> A request has been made that each instance of "Linux" in the FAQ be
>> replaced with "GNU/Linux".
> A request has been made by whom?
>
>> I'm not inclined to make this change.  However, in order to make sure
>> that the FAQ reflects the community's wishes, I'm submitting the
>> proposal here for community feedback.
>>
>> If anyone has strong feelings on it one way or another, chime in.
> I would say it is a fair change.

+1

> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users






Re: FAQ and GNU

2017-10-10 Thread Ralph Corderoy
Hi Robert,

> A request has been made that each instance of "Linux" in the FAQ be
> replaced with "GNU/Linux".

I thought this zealotry had fizzled out about 2013.  :-)

> However, in order to make sure that the FAQ reflects the community's
> wishes, I'm submitting the proposal here for community feedback.

Those preferring GNU/Linux are more likely to reply.

> If anyone has strong feelings on it one way or another, chime in.

Do not change to using GNU/Linux.  It's a purely political term;  there
is no case for technical accuracy.  Alongside GNU programs I have Clang,
musl C library, X Windows, KDE, Firefox, LibreOffice and many other
non-GNU project, non-GNU licensed, parts.  Singling out GNU for credit
is unfair to those.

"Linux" can be the kernel or a distro.  Context makes this clear in the
majority of cases.  Appending `kernel' or `distribution' in the odd
remaining case is sufficient.

GNU/Linux is more awkward to read, and to verbalise in the mind.  Using
RMS's declaration of correct pronunciation, "GNU slash Linux" or "GNU
plus Linux", makes this worse.  (He argues, correctly, saying "GNU
Linux" is wrong because it suggests Linux is a GNU project.)

The term GNU/Linux is dying a natural death.  Do not resuscitate.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy



Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
> A request has been made that each instance of "Linux" in the FAQ be
> replaced with "GNU/Linux".

GnuPG is part of the GNU operating system.  Anywhere "Linux" is used to
describe the GNU/Linux operating system, "GNU/Linux" should be used.

Please see:

  https://www.gnu.org/prep/maintain/maintain.html#GNU-and-Linux

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com




Re: gnupg on read-only filesystem

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 10:51:16 +0200, Fourhundred Thecat wrote:
> I am using gnupg 2.1.18-6 on Debian Stretch.

Stretch currently ships 2.1.18-8~deb9u1.  please update ;)

> My root partition (/) is mounted read-only and I cannot use gpg as root,
> because gpg wants to start gpg-agent and write to /root/.gnupg/
>
> ie:
>
>   gpg -d file.gpg
>
>   gpg: error creating keybox '/root/.gnupg/pubring.kbx': Read-only file system
>   gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
>   gpg: can't connect to the agent: IPC connect call failed
>   gpg: problem with the agent: No agent running
>   gpg: decryption failed: No secret key
>
> With gpg version 1, I could use --lock-never and --no-use-agent and it
> worked on read-only filesystem.
>
> How can I use gpg version 2 on read-only filesystem and without agent ?

it looks like you're trying to decrypt a file.  it also looks like you
don't have any public keys stored on this machine.

so maybe you're trying to decrypt a symmetrically-encrypted
(password-protected) file?

I'm assuming that you have a writeable filesystem somewhere
(e.g. /tmp).  You could try the following:

export GNUPGHOME=$(mktemp -d)
gpg -d file.gpg
rm -rf "$GNUPGHOME"

hth,

--dkg




Re: FAQ and GNU

2017-10-10 Thread ankostis
+1
There are very few references of "Linux" in the FAQ btw.

On Tue 10 Oct 2017, 16:42 Mike Gerwitz,  wrote:

> On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
> > A request has been made that each instance of "Linux" in the FAQ be
> > replaced with "GNU/Linux".
>
> GnuPG is part of the GNU operating system.  Anywhere "Linux" is used to
> describe the GNU/Linux operating system, "GNU/Linux" should be used.
>
> Please see:
>
>   https://www.gnu.org/prep/maintain/maintain.html#GNU-and-Linux
>
> --
> Mike Gerwitz
> Free Software Hacker+Activist | GNU Maintainer & Volunteer
> GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
> https://mikegerwitz.com
-- 

thumbs on glass


Re: FAQ and GNU

2017-10-10 Thread Andrew Gallagher
On 10/10/17 13:13, Ralph Corderoy wrote:
> 
> Those preferring GNU/Linux are more likely to reply.

This is a universal problem that is not understood well enough. If you
want to know what people actually think, you have to a) actively survey
them, and b) control for biases in the responses. This is a nontrivial
process. Anything else tells you at best what memes are trendy[1], and
at worst what factions are committed to entryism[2]. ;-)

[1] #boatymcboatface
[2]
http://www.telegraph.co.uk/news/politics/labour/11741861/How-you-can-help-Jeremy-Corbyn-win-and-destroy-the-Labour-Party.html

-- 
Andrew Gallagher





Re: FAQ and GNU

2017-10-10 Thread Duane Whitty
On 17-10-10 10:13 AM, Mike Gerwitz wrote:
> On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
>> A request has been made that each instance of "Linux" in the FAQ
>> be replaced with "GNU/Linux".
> 
> GnuPG is part of the GNU operating system.  Anywhere "Linux" is
> used to describe the GNU/Linux operating system, "GNU/Linux" should
> be used.
> 
> Please see:
> 
> https://www.gnu.org/prep/maintain/maintain.html#GNU-and-Linux
> 
I respect your point-of-view and your right to express it.  I would
like to point out though that this link, from gnu.org, would be
expected (at least by me) to promote a GNU centric and rightfully
self-promoting view of how to proceed.

> 
> 
I believe the FAQ should be left as is.

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com


Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Whitey
Pete Stephenson wrote:
> On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote:
>> I read once here on the Mailing List that one should only use
>> trusted USB devices, whatever that means, when using an USB
>> device.
> 
> If you must use USB devices for some reason, take a look at the
> 
> flash drive.
> 
> It's designed specifically to protect against "badUSB", where the
> controller and firmware can be compromised. The controller has the
> developer's public key baked in during manufacture. The firmware is
> signed and can only be loaded once (no provision is made for
> in-the-field firmware updates). The controller verifies the firmware and
> its signature at every power-on. If a malicious actor had physical
> access and re-flashed the firmware, the controller would notice and fail
> to load.
> 
> It also has a physical write-protect switch that can prevent unwanted
> writes.

Since a flash drive is a read/write device, when would writes be
unwanted?  When should I use this?

--
Whitey



Re: FAQ and GNU

2017-10-10 Thread Ralph Corderoy
Hi Mario,

> the argument that GNU PG can be used on Linux

Please note, it's "GnuPG".  That's the project name.  If you wish to
acknowledge that it's a GNU project then it's GNU GnuPG.  :-)

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy



Re: FAQ and GNU

2017-10-10 Thread Leo Gaspard
On 10/10/2017 05:55 PM, Mario Castelán Castro wrote:
> On 10/10/17 01:46, Robert J. Hansen wrote:
>> With respect to specific distros, we ought use the name the distro
>> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
>> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
>> set up these distros have given their distros names, and it seems
>> appropriate to use the names properly.  It is as inappropriate to refer
>> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
>> that's rejecting the community's right to name their distro what they wish.
> 
> To me it appears hypocritical that you are speaking of “respecting
> community rights” where the aforesaid communities (more precisely, the
> founding developers who are the ones that actually choose the name of
> the distribution, not the later community) have stepped over the right
> of the GNU project to be given proper credit.
> 
> Recall that the most important contribution of the GNU project is not
> the software packages, but starting the free software movement and
> developing the most important licenses. GNU/Linux distributions are only
> possible because of free software ideology, even though many such would
> hate to acknowledge this.

So we should call FreeBSD “GNU/FreeBSD” instead? Sorry, I could not resist.





Re: FAQ and GNU

2017-10-10 Thread Leo Gaspard
On 10/10/2017 03:13 PM, Mike Gerwitz wrote:
> On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
>> A request has been made that each instance of "Linux" in the FAQ be
>> replaced with "GNU/Linux".
> 
> GnuPG is part of the GNU operating system.  Anywhere "Linux" is used to
> describe the GNU/Linux operating system, "GNU/Linux" should be used.

The occurrences of “Linux” in the FAQ are in the following sentences,
according to a `git grep` in the FAQ directory:

> Except for a slight wording change, this DCO is identical to the one
> used by the Linux kernel.

This sentence clearly deserves a Linux and not GNU/Linux... regardless
of whether GnuPG is part of the “GNU operating system” (sorry for the
quotes, it's the first time I hear this phrase) or not.

> - Linux is a trademark of Linus Torvalds.

Clearly Linux and not GNU/Linux once again.

> (all Linux distros feature a suitable GnuPG tool)

Do we really want to exclude distros based on the Linux kernel but not
on the GNU base utilities, but rather on eg. sbase [1]? I'd say there is
no compelling reason to, so no reason to switch to GNU/Linux here.

> *** … for Linux?
>
> The bad news is there is no single, consistent way to install GnuPG on
> Linux systems.  The good news is that it’s usually installed by
> default, so nothing needs to be downloaded!

The same argument leads me to think there is no reason to switch to
GNU/Linux here again; distros without the GNU userspace don't have an
easier way to install than distros with the GNU userspace as far as I know.

>  … for Debian GNU/Linux or Ubuntu?

It's already GNU/Linux.

> ** … Linux or FreeBSD?
>
> [Follows a list of email clients compatible with non-{Windows,Mac}
> operating systems]

Do Thunderbird, Gnus, Mutt, Kontact, Evolution or Claws-Mail not work on
computers which would have swapped the GNU userland with eg. sbase? If
so, maybe it'd be good to add a note stating that it doesn't work
without GNU tools, but I don't see any reason to exclude
non-GNU-userspace-based Linux distribution from the list, especially
given how FreeBSD is included in there too.


Thus, I'm not in favor of any change to the current FAQ, to replace a
Linux by a GNU/Linux.

Cheers,
Leo


[1] https://core.suckless.org/sbase





Re: FAQ and GNU

2017-10-10 Thread Ralph Corderoy
Hi Mario,

> Your argument is self-defeating. There is no reason to single Linux.
> It is just another of thousands of programs without which a computer
> would be useless exactly as the others you mentioned.

You snipped the bit where I said "Linux" has two meanings in the English
language depending on context.  Given your admirable, though misplaced,
zeal, I doubt there's a considered argument to be had here.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy



Re: FAQ and GNU

2017-10-10 Thread Duane Whitty
On 17-10-09 11:06 PM, Robert J. Hansen wrote:
> A request has been made that each instance of "Linux" in the FAQ
> be replaced with "GNU/Linux".
> 
> I'm not inclined to make this change.  However, in order to make
> sure that the FAQ reflects the community's wishes, I'm submitting
> the proposal here for community feedback.
> 
> If anyone has strong feelings on it one way or another, chime in.
> 
I just did a search for the term "Linux" in the FAQ.  I did this so
that the conversation would be about a concrete instance and not based
so much on abstract concepts.  The search returned four instances of
the word "Linux".

First match was a trademark attribution of the term "Linux" to Linus
Torvalds.

The second match was in a sub-header for section 3.6 "From where can I
download it…" "… for Linux?" with text as follows (containing 3rd match):

"The bad news is there is no single, consistent way to install GnuPG
on Linux systems. The good news is that it’s usually installed by
default, so nothing needs to be downloaded!"

In this context does Linux mean any system running the Linux kernel or
does it mean something else?

The fourth match is "… for Debian GNU/Linux or Ubuntu?" also a part of
the section "From where can I download it…"


Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com


Re: FAQ and GNU

2017-10-10 Thread Duane Whitty
On 17-10-09 11:06 PM, Robert J. Hansen wrote:
> A request has been made that each instance of "Linux" in the FAQ
> be replaced with "GNU/Linux".
> 
> I'm not inclined to make this change.  However, in order to make
> sure that the FAQ reflects the community's wishes, I'm submitting
> the proposal here for community feedback.
> 
> If anyone has strong feelings on it one way or another, chime in.
> 
Rob, thanks for taking time out of your day and busy schedule for
dealing with this issue.  Too bad it is such a contentious issue for
so many people.  Thank you for your fairness and collaborative and
community minded approach.

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com


Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 18:03:52 +0200, Leo Gaspard wrote:
> On 10/10/2017 03:13 PM, Mike Gerwitz wrote:
>> On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
>>> A request has been made that each instance of "Linux" in the FAQ be
>>> replaced with "GNU/Linux".
>> 
>> GnuPG is part of the GNU operating system.  Anywhere "Linux" is used to
>> describe the GNU/Linux operating system, "GNU/Linux" should be used.
>
> The occurrences of “Linux” in the FAQ are in the following sentences,
> according to a `git grep` in the FAQ directory:

I haven't looked over the FAQ personally; I was just providing GNU's
stance on the issue.

But thank you for outlining it.

>> Except for a slight wording change, this DCO is identical to the one
>> used by the Linux kernel.
>
> This sentence clearly deserves a Linux and not GNU/Linux... regardless
> of whether GnuPG is part of the “GNU operating system” (sorry for the
> quotes, it's the first time I hear this phrase) or not.

Yes, that shouldn't be GNU/Linux.

>> - Linux is a trademark of Linus Torvalds.
>
> Clearly Linux and not GNU/Linux once again.

Right.

>> (all Linux distros feature a suitable GnuPG tool)
>
> Do we really want to exclude distros based on the Linux kernel but not
> on the GNU base utilities, but rather on eg. sbase [1]? I'd say there is
> no compelling reason to, so no reason to switch to GNU/Linux here.

If the intent is really to convey any distribution using the kernel
Linux, then it could say any "distros based on the kernel Linux", or
more weakly "Linux-based".

I don't think that's what it means.

>> *** … for Linux?
>>
>> The bad news is there is no single, consistent way to install GnuPG on
>> Linux systems.  The good news is that it’s usually installed by
>> default, so nothing needs to be downloaded!
>
> The same argument leads me to think there is no reason to switch to
> GNU/Linux here again; distros without the GNU userspace don't have an
> easier way to install than distros with the GNU userspace as far as I know.

"Linux system" is explicitly mentioned as something to avoid in the
maintainers document I referenced.

>>  … for Debian GNU/Linux or Ubuntu?
>
> It's already GNU/Linux.

Good!

>> ** … Linux or FreeBSD?
>>
>> [Follows a list of email clients compatible with non-{Windows,Mac}
>> operating systems]
>
> Do Thunderbird, Gnus, Mutt, Kontact, Evolution or Claws-Mail not work on
> computers which would have swapped the GNU userland with eg. sbase? If
> so, maybe it'd be good to add a note stating that it doesn't work
> without GNU tools, but I don't see any reason to exclude
> non-GNU-userspace-based Linux distribution from the list, especially
> given how FreeBSD is included in there too.

Same as above.

In any case, GNU packages have a bias toward GNU.  Emphasizing
"Linux-based" systems instead of GNU isn't much different than Apple
advertising BSD-based systems instead of Mac.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com




Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 12:37:15 -0300, Duane Whitty wrote:
> On 17-10-10 10:13 AM, Mike Gerwitz wrote:
>> GnuPG is part of the GNU operating system.  Anywhere "Linux" is
>> used to describe the GNU/Linux operating system, "GNU/Linux" should
>> be used.
>>
>> Please see:
>>
>> https://www.gnu.org/prep/maintain/maintain.html#GNU-and-Linux
>>
> I respect your point-of-view and your right to express it.  I would
> like to point out though that this link, from gnu.org, would be
> expected (at least by me) to promote a GNU centric and rightfully
> self-promoting view of how to proceed.

Of course it does.  GnuPG is _part of_ the GNU Project.  Not promoting
its own ideals is working contrary to its goals.

The link I provided is GNU policy.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com




Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
Thanks for going through the specific instances of Linux in the FAQ,
Leo.  This is what i was asking for when i was wondering whether a
concrete diff has been proposed.

(where is the FAQ maintained, btw?  how is one expected to submit
patches?)

I agree with all of Leo's conclusions except for the following:

On Tue 2017-10-10 18:03:52 +0200, Leo Gaspard wrote:
>> (all Linux distros feature a suitable GnuPG tool)
>
> Do we really want to exclude distros based on the Linux kernel but not
> on the GNU base utilities, but rather on eg. sbase [1]? I'd say there is
> no compelling reason to, so no reason to switch to GNU/Linux here.

I suspect that many minimal Linux-based operating systems (particularly
one that uses sbase instead of the GNU userland) will *not* feature a
suitable GnuPG tool.  So the statement above is probably more accurate
if you change it to GNU/Linux.

Do you have a list of sbase+Linux distros that we can look at for
comparison?

Certainly, the Linux distro known as Android does *not* feature a
suitable GnuPG tool :(

>> *** … for Linux?
>>
>> The bad news is there is no single, consistent way to install GnuPG on
>> Linux systems.  The good news is that it’s usually installed by
>> default, so nothing needs to be downloaded!
>
> The same argument leads me to think there is no reason to switch to
> GNU/Linux here again; distros without the GNU userspace don't have an
> easier way to install than distros with the GNU userspace as far as I know.

Again, i think this FAQ section is actually talking about GNU/Linux
systems, and it would be more appropriate to say that explicitly, rather
than to pretend that this covers every Linux-based operating system (it
clearly does not).

 --dkg




Re: FAQ and GNU

2017-10-10 Thread Andrew Gallagher
On 10/10/17 17:33, Mike Gerwitz wrote:
> Not promoting its own ideals is working contrary to its goals.

There is nothing in the GPL that requires one to be an evangelist. If
the FAQ is incorrect or misleading, let's change it. But "insufficient
fervour" is not sufficient grounds.

-- 
Andrew Gallagher





Re: PGP for official documents / eIDAS and ZertES

2017-10-10 Thread Ben McGinnes
On Tue, Oct 10, 2017 at 08:40:38AM +, ankostis wrote:
> But it doesn't have to be XML!
> Besides ETSI, the european organization implementing eIDAS has 3 "standards"
> (e.g. [1]):
> XADES(XML), PADES (pdf), CADES - the last one doubting if it has any
> modern use.
> 
> Why not push them for a new PGPADES standard?

For the same reason as not wanting to wrestle crypto and XML into one
working thing: I'd like to keep the hair I have and not see it go as
white as Ray Wise playing Leland Palmer and just as quickly.


Regards,
Ben




Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 17:56:05 +0100, Andrew Gallagher wrote:
> On 10/10/17 17:33, Mike Gerwitz wrote:
>> Not promoting its own ideals is working contrary to its goals.
>
> There is nothing in the GPL that requires one to be an evangelist. If
> the FAQ is incorrect or misleading, let's change it. But "insufficient
> fervour" is not sufficient grounds.

There may be a misunderstanding.

GnuPG is a package that is a part of the GNU operating system.  The list
of all such packages can be found here:

  https://www.gnu.org/software/

GNU is usually used with the kernel Linux.  GNU doesn't require that
packages support any other kernel (e.g. Hurd).  But the operating system
is GNU.  GnuPG works on other operating systems, but GNU only requires
that it work best on GNU, or at least as well as other operating
systems.

The GPL is unrelated to this discussion.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Daniel Kahn Gillmor
On Mon 2017-10-09 23:30:22 -0300, Duane Whitty wrote:
> After saying all that I recall reading an article by the Washington
> Post (if I recall correctly) that they use two computers in their
> "safe-drop" system.

The link you're looking for is:

   https://securedrop.org/

their documentation for transfer between machines is here:

   https://docs.securedrop.org/en/stable/set_up_transfer_device.html

regards,

   --dkg




Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 18:05:15 +0200, Leo Gaspard wrote:
> So we should call FreeBSD “GNU/FreeBSD” instead? Sorry, I could not resist.

Debian actually does ship a "port" that uses the FreeBSD kernel and the
GNU userland, and it calls it GNU/kFreeBSD.

  https://www.debian.org/ports/kfreebsd-gnu/

This naming clarity is useful to distinguish it from the FreeBSD
operating system, which uses the FreeBSD userland with the FreeBSD
kernel.

There is no single userland required for any kernel (though some
userlands do require a specific kernel).  When we're talking about
GNU/Linux distros, we should name them for what they are.

Enjoy,

 --dkg




Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Duane Whitty
On 17-10-10 02:04 PM, Daniel Kahn Gillmor wrote:
> On Mon 2017-10-09 23:30:22 -0300, Duane Whitty wrote:
>> After saying all that I recall reading an article by the
>> Washington Post (if I recall correctly) that they use two
>> computers in their "safe-drop" system.
> 
> The link you're looking for is:
> 
> https://securedrop.org/
> 
> their documentation for transfer between machines is here:
> 
> https://docs.securedrop.org/en/stable/set_up_transfer_device.html
> 
> regards,
> 
> --dkg
> 
Thanks!

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com


Re: FAQ and GNU

2017-10-10 Thread Leo Gaspard
On 10/10/2017 06:45 PM, Daniel Kahn Gillmor wrote:
> (where is the FAQ maintained, btw?  how is one expected to submit
> patches?)

I based my quotes on https://dev.gnupg.org/source/gnupg-doc.git ,
directory web/faq, running `git grep Linux`.

> I suspect that many minimal Linux-based operating systems (particularly
> one that uses sbase instead of the GNU userland) will *not* feature a
> suitable GnuPG tool.  So the statement above is probably more accurate
> if you change it to GNU/Linux.
> 
> Do you have a list of sbase+Linux distros that we can look at for
> comparison?

Hmm, I was thinking sta.li would have gnupg, but it looks like it
doesn't come embedded. Thanks for noticing!

I would thus like to withdraw this statement, as well as the other one
you pointed out.

That said, I wonder whether the sentence with “all GNU/Linux distros
feature a suitable GnuPG tool” would make sense at all, given GnuPG is,
as pointed out by Mike, part of the GNU operating system, which would,
if I understand correctly, mean that as soon as the distribution
includes GNU it must include GnuPG? (I may easily be wrong in my
interpretation of “part of the GNU operating system”) If I'm correct and
this would be a pleonasm, then maybe replacing it with “most Linux
distros feature a suitable GnuPG tool, with the notable exception of
Android” would make more sense? Then again maybe GNU/Linux would be both
more precise and simpler indeed, despite the pleonasm.

Thanks for the comment!
Leo





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 04:45, Peter Lebbing wrote:
> That to me means I would support leaving it as is. I don't feel strongly
> on writing it one way or another, but I do dislike the pressure some
> people exert on others pushing their view. If however you are
> consistently writing "Microsoft Windows®" everywhere in the FAQ, I'd
> find it natural to write "GNU/Linux" as well.

This is a fallacy. Windows *is* Microsoft Windows, the only thing called
“Windows” (as a proper noun) in informatics.

Not so with “GNU/Linux”. GNU/Linux is not Linux. Linux is a kernel.
GNU/Linux is the combination of this kernel with software from the GNU
project.

The word “operating system” is too vague to have a reasonable discussion
of exactly what set of programs are part of an operating system. In any
case, it is clear that Linux is a kernel, not an operating system[1].

Also, the argument that GNU PG can be used on Linux without GNU is
invalid, for it can also be used without Linux. Several BSD variants
include GNU PG.

[1] I challenge anybody who replies with “operating system”=“kernel” to
explain how this viewpoint is compatible with the practice of calling
FreeBSD, Windows, OS X (as a whole) and so on an “operating system” and
not a “kernel”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 07:13, Ralph Corderoy wrote:
> Do not change to using GNU/Linux.  It's a purely political term;  there
> is no case for technical accuracy.  Alongside GNU programs I have Clang,
> musl C library, X Windows, KDE, Firefox, LibreOffice and many other
> non-GNU project, non-GNU licensed, parts.  Singling out GNU for credit
> is unfair to those.

Your argument is self-defeating. There is no reason to single Linux. It
is just another of thousands of programs without which a computer would
be useless exactly as the others you mentioned.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 01:46, Robert J. Hansen wrote:
> With respect to specific distros, we ought use the name the distro
> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly.  It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

To me it appears hypocritical that you are speaking of “respecting
community rights” where the aforesaid communities (more precisely, the
founding developers who are the ones that actually choose the name of
the distribution, not the later community) have stepped over the right
of recognition of the GNU projects.

The most important contribution of the GNU project is not the software
packages, but starting the free software movement. GNU/Linux
distributions are only possible because of free software.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 01:46, Robert J. Hansen wrote:
> With respect to specific distros, we ought use the name the distro
> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly.  It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

To me it appears hypocritical that you are speaking of “respecting
community rights” where the aforesaid communities (more precisely, the
founding developers who are the ones that actually choose the name of
the distribution, not the later community) have stepped over the right
of the GNU project to be given proper credit.

Recall that the most important contribution of the GNU project is not
the software packages, but starting the free software movement and
developing the most important licenses. GNU/Linux distributions are only
possible because of free software ideology, even though many such would
hate to acknowledge this.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread ankostis
On 10 October 2017 at 20:46, Leo Gaspard wrote:
> On 10/10/2017 06:45 PM, Daniel Kahn Gillmor wrote:
>> (where is the FAQ maintained, btw?  how is one expected to submit
>> patches?)
>
> I based my quotes on https://dev.gnupg.org/source/gnupg-doc.git ,
> directory web/faq, running `git grep Linux`.
>
>> I suspect that many minimal Linux-based operating systems (particularly
>> one that uses sbase instead of the GNU userland) will *not* feature a
>> suitable GnuPG tool.  So the statement above is probably more accurate
>> if you change it to GNU/Linux.
>>
>> Do you have a list of sbase+Linux distros that we can look at for
>> comparison?
>
> Hmm, I was thinking sta.li would have gnupg, but it looks like it
> doesn't come embedded. Thanks for noticing!
>
> I would thus like to withdraw this statement, as well as the other one
> you pointed out.
>
> That said, I wonder whether the sentence with “all GNU/Linux distros
> feature a suitable GnuPG tool” would make sense at all, given GnuPG is,
> as pointed out by Mike, part of the GNU operating system, which would,
> if I understand correctly, mean that as soon as the distribution
> includes GNU it must include GnuPG? (I may easily be wrong in my
> interpretation of “part of the GNU operating system”) If I'm correct and
> this would be a pleonasm, then maybe replacing it with “most Linux
> distros feature a suitable GnuPG tool, with the notable exception of
> Android” would make more sense? Then again maybe GNU/Linux would be both
> more precise and simpler indeed, despite the pleonasm.

Maybe start using "Gnu Variants"[1], because that is technically precise.
For instance, this name includes also `cygwin`, which requires the
typical configure-make-install procedure?

Those compiling GnuPG for other platforms may clarify the situation.

[1] https://en.wikipedia.org/wiki/GNU_variants



Re: FAQ and GNU

2017-10-10 Thread Daniel Kahn Gillmor
On Tue 2017-10-10 19:46:28 +0200, Leo Gaspard wrote:
> That said, I wonder whether the sentence with “all GNU/Linux distros
> feature a suitable GnuPG tool” would make sense at all, given GnuPG is,
> as pointed out by Mike, part of the GNU operating system, which would,
> if I understand correctly, mean that as soon as the distribution
> includes GNU it must include GnuPG? (I may easily be wrong in my
> interpretation of “part of the GNU operating system”)

There's no "must" that a GNU system contain GnuPG.

For example, on Debian ("GNU/Linux"), it's possible in the "testing"
version to have no gnupg package installed at all if you want a
particularly minimal system.  One narrowly-scoped tool from the GnuPG
suite (gpgv) is required if you want secure software updates, but you
can even do away with that if your updates are handled some other way
(or if it is a one-shot system that will never be updated).

That said, on most standard Debian systems, GnuPG is indeed installed by
default, and even on systems where it isn't installed by default, it's
a simple "apt install gnupg" away.

So I think this FAQ is more correct if it's re-written to say
"GNU/Linux" here and in the other place i mentioned.

Amazing how much people want to comment on the color of this particular
bikeshed!

Can we get back to improving GnuPG itself?

   --dkg




Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-10 Thread vedaal
I recently got a new laptop, and installed Ubuntu 16.0.4 LTS and used
the Ubuntu Software to install Kleopatra.
Ubuntu 16.0.4 has GnuPG 1.4.20 installed by default.

After installation, I tried to generate a keypair and could not.
Here is what happened:

=[begin quoted terminal]=

londo@londo-earth-trinket:~$ gpg2 --gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: kleo sixteenOfour
Email address: k...@test.key
You selected this USER-ID:
    "kleo sixteenOfour "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported

londo@londo-earth-trinket:~$ gpg2 --full-gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: kleo sixteenOfour
Email address: k...@test.key
Comment: local keysigning only
You selected this USER-ID:
    "kleo sixteenOfour (local keysigning only) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported

londo@londo-earth-trinket:~$

=[end quoted terminal]=
What am I forgetting/doing wrong?
TIA

vedaal


Re: FAQ and GNU

2017-10-10 Thread Leo Gaspard
On 10/10/2017 08:23 PM, Daniel Kahn Gillmor wrote:
> On Tue 2017-10-10 19:46:28 +0200, Leo Gaspard wrote:
>> That said, I wonder whether the sentence with “all GNU/Linux distros
>> feature a suitable GnuPG tool” would make sense at all, given GnuPG is,
>> as pointed out by Mike, part of the GNU operating system, which would,
>> if I understand correctly, mean that as soon as the distribution
>> includes GNU it must include GnuPG? (I may easily be wrong in my
>> interpretation of “part of the GNU operating system”)
> 
> There's no "must" that a GNU system contain GnuPG.
> 
> [...]
> 
> So I think this FAQ is more correct if it's re-written to say
> "GNU/Linux" here and in the other place i mentioned.

Agreeing here.





Re: FAQ and GNU

2017-10-10 Thread Ben McGinnes
On Tue, Oct 10, 2017 at 02:06:17AM +, Robert J. Hansen wrote:
> A request has been made that each instance of "Linux" in the FAQ be
> replaced with "GNU/Linux".

Oh ... say hi to RMS from us.  ;)

> I'm not inclined to make this change.  However, in order to make
> sure that the FAQ reflects the community's wishes, I'm submitting
> the proposal here for community feedback.
> 
> If anyone has strong feelings on it one way or another, chime in.

I personally don't mind either way, but it is worth mentioning that in
the context of the GPG FAQ, it might be more accurate to say that it
is GNU/Linux.  Unless, of course, there are examples of the current
source code compiling on non-GNU/Linux systems successfully.

Has anyone managed to get any part of the GPG libs to compile on
Android/Linux?  As far as I'm aware no one has and all OpenPGP
implementations on Android devices require an entirely separate stack,
usually a Java implementation, but I'll be very happy to be proven
wrong on that.


Regards,
Ben





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 11:04, Ralph Corderoy wrote:
> You snipped the bit where I said "Linux" has two meanings in the English
> language depending on context.  Given your admirable, though misplaced,
> zeal, I doubt there's a considered argument to be had here.

In the previous message you said “"Linux" can be the kernel or a
distro.”. But this is outright incorrect (Linux is not a distribution).
Thus I elided this part according to my practice of omitting irrelevant
text in a reply to keep the messages to a readable size.

The name “Linux” was invented for the kernel for which Linus Torvalds is
known. Later, lazy people incorrectly began using the same word to
refer to basically any software bundle that includes this kernel.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 11:05, Leo Gaspard wrote:
>> Recall that the most important contribution of the GNU project is not
>> the software packages, but starting the free software movement and
>> developing the most important licenses. GNU/Linux distributions are only
>> possible because of free software ideology, even though many such would
>> hate to acknowledge this.
> 
> So we should call FreeBSD “GNU/FreeBSD” instead? Sorry, I could not resist.

Nice straw man fallacy. I have never asked anybody to call “GNU/*” all
free software projects, or anything similar, so your argument is unsound.

Moreover, there is no analogy between “FreeBSD” and “Linux”:

*The name “FreeBSD” has always referred to a specific distribution. That
is how people use it. There is no problem here.

*The name “Linux” refers to a specific *kernel* (from “Linus”, the first
author of this kernel). If you use the name “Linux” to refer to the
kernel, there is no problem, but using it for anything else is
incorrect, even if it *includes* Linux. Would it be correct to refer to
a car as an “engine”, because it includes an engine?

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: FAQ and GNU

2017-10-10 Thread Mario Castelán Castro
On 10/10/17 11:02, Ralph Corderoy wrote:
> Please note, it's "GnuPG".  That's the project name.  If you wish to
> acknowledge that it's a GNU project then it's GNU GnuPG.  :-)

Well, then blame this project for being undecided about what its own
name is. They use both “GNU Privacy Guard” (which I abbreviate as “GNU
PG”) and “GnuPG”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Robert J. Hansen
>> The point of using the
>> old photoreceptor was that way we were dead certain there was no
>> exploitable integrated circuit in the photoreceptor...
> 
> I don't really see the point of purposely reducing the bitrate of a
> serial link.

Supply chain security.  The more complicated the hardware, the harder it
is to prove the ICs and firmware haven't been exploited.  If you're
using hardware you scavenged from a ham radio swap meet, you can be
pretty sure there's nothing malicious in the hardware.

Our use case was a vote tabulating system communicating realtime updates
with a publicly-facing web server.  The assumption was the web server
was compromised: given that, how can you be absolutely sure there's no
communication channel back to the trusted tabulator?

Answer: a 1960s photoreceptor.

We didn't need a fast link from the tabulator to the web server: we
needed a slow and absolutely, positively, definitively one-way link.
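
The following is an added example, not part of the post above and not the system its author describes. It shows what a strictly one-way link implies for the data format: the receiver can never acknowledge or request a resend, so the sender frames, checksums and repeats every update, and the receiver only validates, de-duplicates and reports gaps. The frame layout, magic value and repeat count are assumptions.

```python
import struct
import zlib

MAGIC = b"\xa5\x5a"              # frame marker (assumed value)
HEADER = struct.Struct(">2sIH")  # magic, sequence number, payload length
REPEAT = 3                       # no ACKs on a one-way link, so send copies

def encode_frame(seq, payload):
    """Frame one update: header + payload + CRC32 over both."""
    head = HEADER.pack(MAGIC, seq, len(payload))
    return head + payload + struct.pack(">I", zlib.crc32(head + payload))

def transmit(updates):
    """Sender side: the byte stream pushed through the one-way link."""
    return b"".join(encode_frame(seq, p) * REPEAT
                    for seq, p in enumerate(updates))

def receive(stream):
    """Receiver side: return (updates in order, missing sequence numbers).

    The receiver cannot ask for a resend; it can only validate frames,
    drop duplicates and record gaps for an operator to investigate.
    """
    updates, pos = {}, 0
    while pos + HEADER.size + 4 <= len(stream):
        magic, seq, length = HEADER.unpack_from(stream, pos)
        end = pos + HEADER.size + length
        if magic == MAGIC and end + 4 <= len(stream):
            (crc,) = struct.unpack_from(">I", stream, end)
            if crc == zlib.crc32(stream[pos:end]):
                updates.setdefault(seq, stream[pos + HEADER.size:end])
                pos = end + 4
                continue
        pos += 1  # corrupt or misaligned byte: slide forward and resync
    highest = max(updates, default=-1)
    missing = [s for s in range(highest + 1) if s not in updates]
    return [updates[s] for s in sorted(updates)], missing
```

A gap in the sequence numbers is the only loss signal the receiving side ever gets, so it should be logged and alerted on rather than silently skipped.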



Re: FAQ and GNU

2017-10-10 Thread Robert J. Hansen
> Amazing how much people want to comment on the color of this 
> particular bikeshed!

I agree.  Bikeshedding frustrates me: I'll leave it at that.

Reviewing the last forty-odd emails on the subject, there are a small
number of regular contributors to the community who are in favor, a
small number opposed, and a smaller number of mostly-lurkers who have
exceptionally strong feelings.

I do not see a community consensus one way or another.  I'll continue
with my original plan.

Should any of the people with exceptionally strong feelings on the
subject want to fork the FAQ, well, it's under a permissive license for
a reason -- just please don't claim that it's the official FAQ.  :)



Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-10 Thread Werner Koch
On Tue, 10 Oct 2017 20:26, ved...@nym.hush.com said:

>   gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.

You left out the line which tells the libgcrypt version numbers like in

  $ gpg --version
  gpg (GnuPG) 2.2.1-beta1
  libgcrypt 1.8.1
  [...]


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: FAQ and GNU

2017-10-10 Thread Werner Koch
On Tue, 10 Oct 2017 20:55, b...@adversary.org said:

> Has anyone managed to get any part of the GPG libs to compile on
> Android/Linux?  As far as I'm aware no one has and all OpenPGP

There might be problems with the current release but GnuPG is expected
to build for Android just fine.  And on AIX and HP/UX.  There might be
build problems but those are bugs we need to fix.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

