Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

2024-01-12 Thread Christoph Biedl
This topic is getting a bit bigger, perhaps let me sort first what issues we're talking about here. So to summarize the longer text that follows:

1. News::Article::NoCeM may embed an invalid hash algorithm declaration, depending on the gpg program used by PGP::Sign, and possibly other

Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

2024-01-06 Thread Russ Allbery
I think the critical thing I missed in the original message is that News::Article::NoCeM is constructing an inline signature by calling pgp_sign. The Hash header here is before the signed body, not before the signature, which is obvious in your original message but which I failed to pay proper

Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

2024-01-06 Thread Christoph Biedl
Russ Allbery wrote...
> Christoph Biedl writes:
>
> > * Omitting the hash declaration is not an option either, perl-nocem
> > fails then.
>
> I'm somewhat surprised by this, as my impression was that these Hash lines
> are optional and GnuPG did the right thing if they were omitted entirely
>

Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

2024-01-06 Thread Russ Allbery
Christoph Biedl writes:
> * Omitting the hash declaration is not an option either, perl-nocem
> fails then.

I'm somewhat surprised by this, as my impression was that these Hash lines are optional and GnuPG did the right thing if they were omitted entirely (although you do still need a blank

Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

2024-01-06 Thread Christoph Biedl
Package: libnews-article-nocem-perl
Version: 0.09-3
Severity: important
Tags: upstream
X-Debbugs-Cc: libpgp-sign-p...@packages.debian.org, debian.a...@manchmal.in-ulm.de

Greetings,

At the moment, NoCeM messages generated using News::Article::NoCeM declare a hard-coded signature hash algorithm