Re: tarball signature digest algorithm

2014-09-14 Thread Wietse Venema
Viktor Dukhovni:
> $ GNUPGHOME="${PWD}" gpg --verify postfix-2.11.1.tar.gz.asc
> gpg: Signature made Sun Sep 14 12:40:35 2014 EDT using RSA key ID C12BCD99
> gpg: Good signature from "Wietse Venema "

Fine. Having two digests will make the pre-image attacks much harder.

Wietse

Re: tarball signature digest algorithm

2014-09-14 Thread Viktor Dukhovni
On Sun, Sep 14, 2014 at 12:42:19PM -0400, Wietse Venema wrote:
> However, I would appreciate it if you could verify that the attached
> file works as expected.

With gpg from macports on MacOSX:

Previous signature:

$ GNUPGHOME="${PWD}" gpg --verify postfix-2.11.1.tar.gz.sig
gpg: Signatur

Re: tarball signature digest algorithm

2014-09-14 Thread Andreas Stieger
Hello,

On 14/09/14 17:42, Wietse Venema wrote:
> However, I would appreciate it if you could verify that the attached
> file works as expected.

It does, please see below.

$ gpg -v --verify postfix-2.11.1.tar.gz.asc
Version: GnuPG v1.4.12 (FreeBSD)
gpg: armor header:
gpg: assuming signed data in

Re: tarball signature digest algorithm

2014-09-14 Thread Wietse Venema
Andreas Stieger:
> Hello,
>
> On 14/09/14 16:50, Wietse Venema wrote:
> > I see. You could of course turn on those options. I have no plans
> > to re-sign already-released tarballs.
>
> Understood.

However, I would appreciate it if you could verify that the attached file works as expected.

Re: tarball signature digest algorithm

2014-09-14 Thread Andreas Stieger
Hello,

On 14/09/14 16:50, Wietse Venema wrote:
> I see. You could of course turn on those options. I have no plans
> to re-sign already-released tarballs.

Understood.

>> If at all possible I would appreciate a more modern digest algorithm to
>> be used as far as it works with the compatibility c

Re: tarball signature digest algorithm

2014-09-14 Thread Wietse Venema
Andreas Stieger:
> Hello,
>
> On 14/09/14 16:06, Wietse Venema wrote:
> > Thanks for checking the signature. MD5 is good enough for Postfix
> > tarballs, since there are no known second pre-image attacks. It has
> > the significant benefit that it is supported by every existing PGP
> > implementa

Re: tarball signature digest algorithm

2014-09-14 Thread Andreas Stieger
Hello,

On 14/09/14 16:06, Wietse Venema wrote:
> Thanks for checking the signature. MD5 is good enough for Postfix
> tarballs, since there are no known second pre-image attacks. It has
> the significant benefit that it is supported by every existing PGP
> implementation.

The crypto is understood

Re: tarball signature digest algorithm

2014-09-14 Thread Graham Leggett
On 14 Sep 2014, at 11:06, wie...@porcupine.org (Wietse Venema) wrote:
> Thanks for checking the signature. MD5 is good enough for Postfix
> tarballs, since there are no known second pre-image attacks. It has
> the significant benefit that it is supported by every existing PGP
> implementation.

A

Re: tarball signature digest algorithm

2014-09-14 Thread Wietse Venema
Andreas Stieger:
> Hello,
>
> while packaging postfix 2.11.1 I noticed that the corresponding pgp/gpg
> signature is generated using the md5 digest algorithm. MD5 is now
> disabled as an acceptable digest method for signatures for source
> tarballs of openSUSE packages. Would it be possible to re-

tarball signature digest algorithm

2014-09-14 Thread Andreas Stieger
Hello, while packaging postfix 2.11.1 I noticed that the corresponding pgp/gpg signature is generated using the md5 digest algorithm. MD5 is now disabled as an acceptable digest method for signatures for source tarballs of openSUSE packages. Would it be possible to re-issue the signature using a S