[Announce] Second release candidate for 1.4.3 available
shavital at mac.com
Fri Mar 10 03:23:39 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
compiled and installed over existing 1.4.3rc1, with idea.c, Darwin 8.5.0
MacOS 10.4.5 PPC.
Thanks to David, Timo, Werner, and a fine week end.
David Shaw wrote the following on 3/9/06 7:36 PM:
> We are pleased to announce the availability of the second release
> candidate for the forthcoming 1.4.3 version of GnuPG:
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2 (3.0M)
> SHA-1 checksums for the above files are:
> eb5b839555ff1957b5956aaf4c96505223a2f9d0 gnupg-1.4.3rc2.tar.bz2
> 2168b475f49100f5c41fa3830d90eb6d863220e7 gnupg-1.4.3rc2.tar.bz2.sig
> Note that this is only a release candidate, and as such is not
> intended for use on production systems. If you are inclined to help
> test, however, we would appreciate you trying this new version and
> reporting any problems.
> Note that this release candidate contains fixes for both the "False
> positive signature verification in GnuPG" and "GnuPG does not detect
> injection of unsigned data" problems reported against 1.4.2.
> Noteworthy changes since 1.4.2:
> * If available, cURL-based keyserver helpers are built that can
> retrieve keys using HKP or any protocol that cURL supports
> (HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
> and HTTP are still supported using a built-in cURL emulator. To
> force building the old pre-cURL keyserver helpers, use the
> configure option --enable-old-keyserver-helpers. Note that none
> of this affects finger or LDAP support, which are unchanged.
> Note also that a future version of GnuPG will remove the old
> keyserver helpers altogether.
> * Implemented Public Key Association (PKA) signature verification.
> This uses special DNS records and notation data to associate a
> mail address with an OpenPGP key to prove that mail coming from
> that address is legitimate without the need for a full trust
> path to the signing key.
> * When exporting subkeys, those specified with a key ID or
> fingerpint and the '!' suffix are now merged into one keyblock.
> * Added "gpg-zip", a program to create encrypted archives that can
> interoperate with PGP Zip.
> * Added support for signing subkey cross-certification "back
> signatures". Requiring cross-certification to be present is
> currently off by default, but will be changed to on by default
> in the future, once more keys use it. A new "cross-certify"
> command in the --edit-key menu can be used to update signing
> subkeys to have cross-certification.
> * The key cleaning options for --import-options and
> --export-options have been further polished. "import-clean" and
> "export-clean" replace the older
> import-clean-sigs/import-clean-uids and
> export-clean-sigs/export-clean-uids option pairs.
> * New "minimize" command in the --edit-key menu removes everything
> that can be removed from a key, rendering it as small as
> possible. There are corresponding "export-minimal" and
> "import-minimal" commands for --export-options and
> * New --fetch-keys command to retrieve keys by specifying a URI.
> This allows direct key retrieval from a web page or other
> location that can be specified in a URI. Available protocols
> are HTTP and finger, plus anything that cURL supplies, if built
> with cURL support.
> * Files containing several signed messages are not allowed any
> longer as there is no clean way to report the status of such
> files back to the caller. To partly revert to the old behaviour
> the new option --allow-multisig-verification may be used.
> * The keyserver helpers can now handle keys in either ASCII armor
> or binary format.
> * New auto-key-locate option that takes an ordered list of methods
> to locate a key if it is not available at encryption time (-r or
> --recipient). Possible methods include "cert" (use DNS CERT as
> per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> server for the domain in question), "keyserver" (use the
> currently defined keyserver), as well as arbitrary keyserver
> URIs that will be contacted for the key.
> * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> (currently in draft): http://www.josefsson.org/rfc2538bis
> Happy Hacking,
> David, Timo, Werner
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc2 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users