blacklisting MD5 in gpg

David Shaw dshaw at jabberwocky.com
Thu May 7 20:19:05 CEST 2009


On May 7, 2009, at 2:05 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> That's what I was thinking.  GUI tools should never be parsing
>> --version.  That's for human beings.
>
> Perhaps this should be added to the manpage and/or the hacking file,
> then.  It seems probable that many scripts do just this, and if it's a
> "they should never...", then script authors should have some  
> resource to
> tell them so.

There are limits to this sort of thing.   Each option that is intended  
for tools is tagged as such (--list-options, --with-colons, etc).   
Past a certain point, we're just making the manual hard(er) to read  
with endless repetitions of don't-use-this-in-scripts.

Perhaps a single statement that says the only safe way to use GPG at  
all for scripts is via --with-colons and friends.

David



More information about the Gnupg-devel mailing list