1 year and 1 day

Werner Koch wk at isil.d.shuttle.de
Wed Dec 23 18:16:07 CET 1998

... after the very first release of GnuPG I have just released 0.9.

This is a big step in the numbering but not as huge as some vendors
do it :-)  The reason is that I want to make clear that GnuPG has
grown up and we are now going to fix the bugs to prepare a stable 1.0

Noteworthy changes in version 0.9.0

    * --export does now only exports rfc2440 compatible keys; the
      old behavious is available with --export-all.
      Generation of v3 ElGamal (sign and encrypt) keys is not longer

    * Fixed the uncompress bug.

    * Rewrote the rndunix module. There are two environment variables
      used for debugging now: GNUPG_RNDUNIX_DBG give the file to write
      debugging information (use "-" for stdout) and if GNUPG_RNDUNIX_DBGALL
      is set, all programs which are only tried are also printed.

    * New option --escape-from-lines to "dash-escape" "From " lines to
      prevent mailers to change them to ">From ".  This is not enabled by
      default because it is not in compliance with rfc2440 - however, you
      should turn it on.

And here are the major points from TODO

    * clearsig: keep lineendings as they are. Remember that trailings
      blanks are not hashed.  Funny: pgp263in works fine even with
      a source file with CR,LF but GnuPG and pgp263in has problems
      if the clearsign has been created by pgp263ia.
      Needs more investigation - anyone?

    * Check revocation and expire stuff.  PLEASE: THIS MUST BE TESTED!

    * Check calculation of key validity. PLEASE: IT IS IMPORTED THAT

    * It has been reported that lockfiles are not removed in all cases.
      cleanup is done with atexit() and all signals trigger exit() -
      anything wrong with this?

    * I noticed, that we sometimes have only 3 items in a trustrecord, but
      a next pointer ro more records - check wehther the reuse code really
      works. Maybe this is the reason for the "Hmmm public key lost"

    * remove more "Fixmes"

    * Replace Blowfish by Twofish and add the new encrypted packet typ
      which has a MACing option (append SHA1 hash to the plaintext and
      encrypt this all) - We need an identifier for Twofish to put this
      one into the cipher preferences.

Get GnuPG from the usual places:

  ftp://ftp.gnupg.org/pub/gcrypt/gnupg-0.9.0.tar.gz  (945k)
  ftp://ftp.gnupg.org/pub/gcrypt/diffs/gnupg-0.9.0.diff.gz  (196k)

or use one of the mirrors:


Currently ftp.gnupg.org is the same as ftp.guug.de and www.gnupg.org
redirects to the well known ULURL(*) so there is no need to update
your bookmarks.

Merry Christmas,


(*) Ugly Long URL

More information about the Gnupg-devel mailing list