Release candidate for 2.2.17

Werner Koch wk at gnupg.org
Fri Jul 5 17:15:12 CEST 2019


Hi!

Due to the SKS keyserver problems we are planning a new release for the
next week.  That release will have some changes related to keyserver.
See below for details.

In general we do not provide release candidates because experience
showed that they are more or less ignored.  However, this time I would
like to you to give that version some testing.  Get it from

<https://gnupg.org/ftp/people/werner/scratch/gnupg-2.2.17-beta21.tar.bz2>
<https://gnupg.org/ftp/people/werner/scratch/gnupg-2.2.17-beta21.tar.bz2.sig>

and in case of problems please report to gnupg-devel.  Here are the
changes:

  * gpg: Ignore all key-signatures received from keyservers.  This
    change is required to mitigate a DoS due to keys flooded with
    faked key-signatures.  The old behaviour can be achieved by adding
      keyserver-options no-self-sigs-only,no-import-clean
    to your gpg.conf.  [#4607]

  * gpg: If an imported keyblocks is too large to be stored in the
    keybox (pubring.kbx) do not error out but fallback to an import
    using the options "self-sigs-only,import-clean".  [#4591]

  * gpg: New command --locate-external-key which can be used to
    refresh keys from the Web Key Directory or via other methods
    configured with --auto-key-locate.

  * gpg: New import option "self-sigs-only".

  * gpg: In --auto-key-retrieve prefer WKD over keyservers.  [#4595]

  * dirmngr: Support the "openpgpkey" subdomain feature from
    draft-koch-openpgp-webkey-service-07. [#4590].

  * dirmngr: Add an exception for the "openpgpkey" subdomain to the
    CSRF protection.  [#4603]

  * dirmngr: Fix endless loop due to http errors 503 and 504.  [#4600]

  * dirmngr: Fix TLS bug during redirection of HKP requests.  [#4566]

  * gpgconf: Fix a race condition when killing components.  [#4577]

  Release-info: https://dev.gnupg.org/T4606



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190705/7894320a/attachment.sig>


More information about the Gnupg-devel mailing list