[Announce] A new GnuPG snapshot (unstable)

Werner Koch wk@gnupg.org
Sat Dec 22 20:12:01 2001


A new snapshot of GnuPG has been released today.  This is an *unstable
release* to get feedback on the new features.  Please test this
extensively and report bugs to gnupg-devel.

  ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6c.tar.gz    (2048k)

  ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b-1.0.6c.diff.gz (448k)

Please find a list of mirrors at http://www.gnupg.org/mirrors.html

David Shaw did most of the changes:

* The generic keyserver stuff - able to use the NAI LDAP server and
  the email servers.  This adds "--keyserver-options", and requires
  that people change their "--keyserver" definition to URL format (or
  it only does HKP).

* The signature checking level stuff - asks the user how carefully
  they checked the key.  Adds --default-check-level (0-3) to set the

* --for-your-eyes-only.  Sets the flag so that the file isn't saved by
  default.  It makes PGP pop up a viewer with a "Tempest resistant"
  font, too.

* Regular key signatures can "promote" a local signature to full
  exportable status.

* Signature expirations.  When signing, gpg prompts if you want the
  signature to expire when the key does.  If --expert is set, you can
  set any expiration you like.  --expert also allows the user to do
  "silly" things: sign a revoked key or revoked uid.

* The new option --pgp2 tries to be as pgp2 compatible as possible and
  warns if the user does something that will make the message non-PGP2

* --no-permission-warning disables the new permission/ownership checks
  in GNUPGHOME.  If the permissions are not okay, calling external
  programs is disabled.

* Nonrevocable key signatures with --nrsign or via the edit menu.

* Photo ID support.  Adds --show-photos and --photo-viewer, which is
  the command line to use for the viewer.  Note, that this is not
  specified by OpenPGP and the format has been reverse engineered from
  PGP 6 generated public keys.

You may want to check out the comments in

If you have not used the last snapshot 1.0.6b, please read this:

  Using this version with a current keyring renders the keyring
  unreadable for any GnuPG versions prior to 1.0.6b.  Actually this
  incompatibility is due to a bug in older versions which were not
  able to cope with trust packets larger than one byte.  You can use
  --export as an escape hatch because trust packets are never

  The changes introduced with that last snapshot are:

  * The caching of the signature verification status changed from
    using special signature subpackets to the use of the trust
    packets.  You can (and should) rebuild this key cache using the
    new command "gpg --rebuild-keydb-caches"

  * The format of the TrustDB and the way it works has entirely been
    rewritten.  gpg tries to migrate to the new format but this code
    is obviously not very well tested, so you might want to make a
    backup of your ownertrust values first.

    The validity of the key is now checked every time you insert a new
    key or signature and when a key or a signature expires.  This
    automatic check can be disabled and replaced by a cron job which
    does a "gpg --check-trustdb" every night or so.
    To assign an ownertrust, you can either do this in the edit menu
    or use the command "gpg --update-trustdb" which does the
    maintenance pass in a similar manner you probably know from PGP 2.

The man pages are not yet up to date, so please don't complain about that.

On something different:  I'd like to set up a user support site for
GnuPG and list all resources available for support as well as a
directory of commercial support providers.  This should be independent
of the more technically orientated www.gnupg.org and can have a more
"modern" design.  The GUUG will provide the technical resources but we
need volunteer(s) to actually design and maintain such a site.  If you
are interested, please contact me by private mail.

Merry Christmas,


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

