1 year and 1 day
wk at isil.d.shuttle.de
Wed Dec 23 18:16:07 CET 1998
... after the very first release of GnuPG I have just released 0.9.
This is a big step in the numbering but not as huge as some vendors
do it :-) The reason is that I want to make clear that GnuPG has
grown up and we are now going to fix the bugs to prepare a stable 1.0
Noteworthy changes in version 0.9.0
* --export does now only exports rfc2440 compatible keys; the
old behavious is available with --export-all.
Generation of v3 ElGamal (sign and encrypt) keys is not longer
* Fixed the uncompress bug.
* Rewrote the rndunix module. There are two environment variables
used for debugging now: GNUPG_RNDUNIX_DBG give the file to write
debugging information (use "-" for stdout) and if GNUPG_RNDUNIX_DBGALL
is set, all programs which are only tried are also printed.
* New option --escape-from-lines to "dash-escape" "From " lines to
prevent mailers to change them to ">From ". This is not enabled by
default because it is not in compliance with rfc2440 - however, you
should turn it on.
And here are the major points from TODO
* clearsig: keep lineendings as they are. Remember that trailings
blanks are not hashed. Funny: pgp263in works fine even with
a source file with CR,LF but GnuPG and pgp263in has problems
if the clearsign has been created by pgp263ia.
Needs more investigation - anyone?
* Check revocation and expire stuff. PLEASE: THIS MUST BE TESTED!
* Check calculation of key validity. PLEASE: IT IS IMPORTED THAT
THIS GET TESTED.
* It has been reported that lockfiles are not removed in all cases.
cleanup is done with atexit() and all signals trigger exit() -
anything wrong with this?
* I noticed, that we sometimes have only 3 items in a trustrecord, but
a next pointer ro more records - check wehther the reuse code really
works. Maybe this is the reason for the "Hmmm public key lost"
* remove more "Fixmes"
* Replace Blowfish by Twofish and add the new encrypted packet typ
which has a MACing option (append SHA1 hash to the plaintext and
encrypt this all) - We need an identifier for Twofish to put this
one into the cipher preferences.
Get GnuPG from the usual places:
or use one of the mirrors:
Currently ftp.gnupg.org is the same as ftp.guug.de and www.gnupg.org
redirects to the well known ULURL(*) so there is no need to update
(*) Ugly Long URL
More information about the Gnupg-devel