[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-44-g6186637
by Werner Koch
cvs at cvs.gnupg.org
Mon Feb 23 13:12:15 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 6186637cc9a4cbe4964ae0ca2aa00ed1738fc6a4 (commit)
from e0c13ad5f290aec05706797b8f6c9e13d613eb66 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6186637cc9a4cbe4964ae0ca2aa00ed1738fc6a4
Author: Werner Koch <wk at gnupg.org>
Date: Mon Feb 23 13:10:57 2015 +0100
doc: Add warning note about not acting as an oracle to --batch.
--
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 67dc3d0..d311732 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -949,12 +949,23 @@ Try to be as quiet as possible.
@opindex batch
@opindex no-batch
Use batch mode. Never ask, do not allow interactive commands.
- at option{--no-batch} disables this option. Note that even with a
-filename given on the command line, gpg might still need to read from
-STDIN (in particular if gpg figures that the input is a
-detached signature and no data file has been specified). Thus if you
-do not want to feed data via STDIN, you should connect STDIN to
- at file{/dev/null}.
+ at option{--no-batch} disables this option. This option is commonly
+used for unattended operations.
+
+WARNING: Unattended operation bears a higher risk of being exposed to
+security attacks. In particular any unattended use of GnuPG which
+involves the use of secret keys should take care not to provide an
+decryption oracle. There are several standard pre-cautions against
+being used as an oracle. For example never return detailed error
+messages or any diagnostics printed by your software to the remote
+site. Consult with an expert in case of doubt.
+
+Note that even with a filename given on the command line, gpg might
+still need to read from STDIN (in particular if gpg figures that the
+input is a detached signature and no data file has been specified).
+Thus if you do not want to feed data via STDIN, you should connect
+STDIN to @file{/dev/null}.
+
@item --no-tty
@opindex no-tty
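Review bot: the new WARNING paragraph carries two spelling errors that will land in the rendered manual: "not to provide an decryption oracle" should read "not to provide a decryption oracle", and "standard pre-cautions" should be "standard precautions". The rest of the hunk is fine: the old STDIN/@file{/dev/null} note is moved below the warning with only rewrapping, and the text of that note is unchanged.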
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org