[Announce] GnuPG 1.3.2 released (development)

David Shaw dshaw@jabberwocky.com
Fri May 30 05:34:03 2003

Hash: SHA1

On Thu, May 29, 2003 at 09:58:57PM +0200, Johan Wevers wrote:
> David Shaw wrote:
> > The latest release from the development branch of GnuPG is ready for
> > public consumption.  This is a branch to create what will be GnuPG 1.4
> > someday.
> Are there already any ideas when "someday" is expected to be?
> > Noteworthy changes in version 1.3.2 (2003-05-27)
> [...]
> I see mostly things that were also on the 1.2.1 -> 1.2.2 list. Do I see
> it right when I say that 1.3.2 is mainly a version where the 1.2.2 changes
> were implemented?

9 out of the 22 NEWS entries are new for 1.3.2.  There are a few more
changes that were not in the NEWS file, but these were not very
user-visible changes.  The diff between 1.2.1 and 1.2.2 was big enough
(and had to be applied to 1.3.1 as well) that I wanted to get 1.3.2
out to get a nice clean working surface again.

The changes that are in 1.3.2 and not in 1.2.2 are:

    * Multiple trust models are now supported via the --trust-model
      option.  The options are "pgp" (web-of-trust plus trust
      signatures), "classic" (web-of-trust only), and "always"
      (identical to the --always-trust option).

    * The --personal-{cipher|digest|compression}-preferences are now
      consulted to get default algorithms before resorting to the
      last-ditch defaults of --s2k-cipher-algo, SHA1, and ZIP
      respectively.  This allows a user to set algorithms to use in a
      safe manner so they are used when legal to do so, without
      forcing them on for all messages.

    * New --primary-keyring option to designate the keyring that the
      user wants new keys imported into.

    * --s2k-digest-algo is now used for all password mangling.
      Earlier versions used both --s2k-digest-algo and --digest-algo
      for passphrase mangling.

    * Handling of --hidden-recipient or --throw-keyid messages is now
      easier - the user only needs to give their passphrase once, and
      GnuPG will try it against all of the available secret keys.

    * DNS SRV records are used in HKP keyserver lookups to allow
      administrators to load balance and select keyserver port
      automatically.  This is as specified in

    * When using the "keyid!" syntax during a key export, only that
      specified key is exported.  If the key in question is a subkey,
      the primary key plus only that subkey is exported.

    * configure --disable-xxx options to disable individual algorithms
      at build time.  This can be used to build a smaller gpg binary
      for embedded uses where space is tight.  See the README file for
      the algorithms that can be used with this option, or use
      --enable-minimal to build the smallest gpg possible (disables
      all optional algorithms, disables keyserver access, and disables
      photo IDs).

    * The keyserver no-modify flag on a key can now be displayed and

Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc