[Announce] A new GnuPG snapshot (unstable)

Werner Koch wk@gnupg.org
Tue Oct 23 21:28:07 2001


Hi,
     
after messing around with autoconf 1.5 for quite some time, I finally
was able to release a new DEVELOPMENT snapshot of GnuPG:

 *PLEASE READ THIS ENTIRE ANNOUNCEMENT BEFORE YOU START TO PLAY*
          
  ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b.tar.gz (1.9M)
  ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b.tar.gz.sig

Please find a list of mirrors at http://www.gnupg.org/mirrors.html

Again I changed quite a lot of things.  Using this version with a
current keyring renders the keyring unreadable for any previous GnuPG
versions.  So I did WARN YOU ABOUT THESE INCOMPATIBLE CHANGES - please
don't complain that it destroyed all your keys.  Actually this
incompatibility is due to a bug in the older versions which are not
able to cope with trust packet larger than one byte.  You can use
--export as an escape hatch because trust packets are never exported.

There are 2 major changes in this release:

  * The caching of the signature verification status changed from
    using special signature subpackets to the use of the trust
    packets.  You can (and should) rebuild this key cache using the
    new command "gpg --rebuild-keydb-caches"

  * The format of the TrustDB and the way it works has entirely be
    rewritten.  gpg tries to migrate to the new format but this code
    is obviously not very well tested, so you might want to make a
    backup of our ownertrust values first.

    The validity of the key is now checked every time you insert a new
    key or signature and when a key or a signature expires.  This
    automatic check can be disabled and replaced by a cron job which
    does an "gpg --check-trustdb"  every night or so.

    To assign an ownertrust, you can either do this in the edit menu
    or use the command "gpg --update-trustdb" which does the
    maintenance pass in a similar manner you probably know from PGP 2.

Both changes should speed up the operation on large keyrings quite a
lot so that "gpg --list-keys --with-colons" is actually usable.

Also a couple of bug fixes and some other code cleanups are in this
release.  There is still a long list of open bugs but I think it is
important to get the new code tested first.  The Windows and Acorn
ports won't work yet due to file sharing issues.

Changes since 1.0.6a:

    * The way signature stati are store has changed, so that v3
      signatures can be supported. To increase the speed of many
      operations for existing keys you can use the new
      --rebuild-keydb-caches command.

    * The entire key validation process (trustdb) has been revamped.
      See the man page entries for --update-trustdb, --check-trustdb
      and --no-auto-check-trustdb.

    * --trusted-keys is again obsolete, --edit can be used to set the
      ownertrust of any key to ultimately trusted.

    * A subkey is never used to sign keys.

    * Read only keyrings are now handled as expected.


Changes since 1.0.6:

    * New tool gpgsplit to split OpenPGP data formats into packets.

    * New option --preserve-permissions.

    * Subkeys created in the future are not used for encryption or
      signing unless the new option --ignore-valid-from is used.

    * Revoked user-IDs are not listed unless signatures are listed too
      or we are in verbose mode.

    * There is no default comment string with ascii armors anymore
      except for revocation certificates and --enarmor mode.

    * The command "primary" in the edit menu can be used to change the
      primary UID, "setpref" and "updpref" can be used to change the
      preferences.

    * Fixed the preference handling; since 1.0.5 they were erroneously
      matched against against the latest user ID and not the given one.

    * RSA key generation.

    * Merged Stefan's patches for RISC OS in.  See comments in
      scripts/build-riscos. 

    * It is now possible to sign and conventional encrypt a message (-cs).

    * The MDC feature flag is supported and can be set by using
      the "updpref" edit command.

    * The status messages GOODSIG and BADSIG are now returning the primary
      UID, encoded using %XX escaping (but with spaces left as spaces,
      so that it should not break too much)

    * Support for GDBM based keyrings has been removed.

    * The entire keyring management has been revamped.

    * The way signature stati are store has changed, so that v3
      signatures can be supported. To increase the speed of many
      operations for existing keys you can use the new
      --rebuild-keydb-caches command.

    * The entire key validation process (trustdb) has been revamped.
      See the man page entries for --update-trustdb, --check-trustdb
      and --no-auto-check-trustdb.

    * --trusted-keys is again obsolete, --edit can be used to set the
      ownertrust of any key to ultimately trusted.

    * A subkey is never used to sign keys.


Take care,

  Werner


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus






_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce