un-trusting MD5 in gpg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 7 19:14:06 CEST 2009

On 05/07/2009 12:41 PM, Werner Koch wrote:
> On Thu,  7 May 2009 17:34, dshaw at jabberwocky.com said:
>> A blacklisted digest will cause signature verification to fail with an
>> appropriate error message along the lines of "digest algorithm is
>> blacklisted" (internally, GPG_ERR_BLACKLISTED_DIGEST or the like).
> The name of the erro code is too specific.  GPG_ERR_DISABLED_DIGEST is
> better; if you like the error message may say "...disabled or blacklisted".

Can you explain what the problem is with having a more-specific error
code?  We're talking about introducing new semantics in gpg already.
Why not have an error code that specifically refers to those semantics?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090507/ff61d541/attachment.pgp>

More information about the Gnupg-devel mailing list