[Announce] Second release candidate for 1.4.3 available

David Shaw dshaw at jabberwocky.com
Fri Mar 10 01:36:05 CET 2006


We are pleased to announce the availability of the second release
candidate for the forthcoming 1.4.3 version of GnuPG:

 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2 (3.0M)
 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2.sig

SHA-1 checksums for the above files are:

 eb5b839555ff1957b5956aaf4c96505223a2f9d0  gnupg-1.4.3rc2.tar.bz2
 2168b475f49100f5c41fa3830d90eb6d863220e7  gnupg-1.4.3rc2.tar.bz2.sig

Note that this is only a release candidate, and as such is not
intended for use on production systems.  If you are inclined to help
test, however, we would appreciate you trying this new version and
reporting any problems.

Note that this release candidate contains fixes for both the "False
positive signature verification in GnuPG" and "GnuPG does not detect
injection of unsigned data" problems reported against 1.4.2.

Noteworthy changes since 1.4.2:

    * If available, cURL-based keyserver helpers are built that can
      retrieve keys using HKP or any protocol that cURL supports
      (HTTP, HTTPS, FTP, FTPS, etc).  If cURL is not available, HKP
      and HTTP are still supported using a built-in cURL emulator.  To
      force building the old pre-cURL keyserver helpers, use the
      configure option --enable-old-keyserver-helpers.  Note that none
      of this affects finger or LDAP support, which are unchanged.
      Note also that a future version of GnuPG will remove the old
      keyserver helpers altogether.

    * Implemented Public Key Association (PKA) signature verification.
      This uses special DNS records and notation data to associate a
      mail address with an OpenPGP key to prove that mail coming from
      that address is legitimate without the need for a full trust
      path to the signing key.

    * When exporting subkeys, those specified with a key ID or
      fingerpint and the '!' suffix are now merged into one keyblock.

    * Added "gpg-zip", a program to create encrypted archives that can
      interoperate with PGP Zip.

    * Added support for signing subkey cross-certification "back
      signatures".  Requiring cross-certification to be present is
      currently off by default, but will be changed to on by default
      in the future, once more keys use it.  A new "cross-certify"
      command in the --edit-key menu can be used to update signing
      subkeys to have cross-certification.

    * The key cleaning options for --import-options and
      --export-options have been further polished.  "import-clean" and
      "export-clean" replace the older
      import-clean-sigs/import-clean-uids and
      export-clean-sigs/export-clean-uids option pairs.

    * New "minimize" command in the --edit-key menu removes everything
      that can be removed from a key, rendering it as small as
      possible.  There are corresponding "export-minimal" and
      "import-minimal" commands for --export-options and
      --import-options.

    * New --fetch-keys command to retrieve keys by specifying a URI.
      This allows direct key retrieval from a web page or other
      location that can be specified in a URI.  Available protocols
      are HTTP and finger, plus anything that cURL supplies, if built
      with cURL support.

    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.

    * The keyserver helpers can now handle keys in either ASCII armor
      or binary format.

    * New auto-key-locate option that takes an ordered list of methods
      to locate a key if it is not available at encryption time (-r or
      --recipient).  Possible methods include "cert" (use DNS CERT as
      per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
      server for the domain in question), "keyserver" (use the
      currently defined keyserver), as well as arbitrary keyserver
      URIs that will be contacted for the key.

    * Able to retrieve keys using DNS CERT records as per RFC-2538bis
      (currently in draft): http://www.josefsson.org/rfc2538bis

Happy Hacking,

  David, Timo, Werner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
Url : /pipermail/attachments/20060309/6f69ee57/attachment.pgp


More information about the Gnupg-users mailing list