[Announce] Second release candidate for 1.4.3 available

Charly Avital shavital at mac.com
Fri Mar 10 03:23:39 CET 2006

Hash: SHA256


compiled and installed over existing 1.4.3rc1, with idea.c, Darwin 8.5.0
MacOS 10.4.5 PPC.

Running fine.

Thanks to David, Timo, Werner, and a fine week end.


David Shaw wrote the following on 3/9/06 7:36 PM:
> We are pleased to announce the availability of the second release
> candidate for the forthcoming 1.4.3 version of GnuPG:
>  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2 (3.0M)
>  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2.sig
> SHA-1 checksums for the above files are:
>  eb5b839555ff1957b5956aaf4c96505223a2f9d0  gnupg-1.4.3rc2.tar.bz2
>  2168b475f49100f5c41fa3830d90eb6d863220e7  gnupg-1.4.3rc2.tar.bz2.sig
> Note that this is only a release candidate, and as such is not
> intended for use on production systems.  If you are inclined to help
> test, however, we would appreciate you trying this new version and
> reporting any problems.
> Note that this release candidate contains fixes for both the "False
> positive signature verification in GnuPG" and "GnuPG does not detect
> injection of unsigned data" problems reported against 1.4.2.
> Noteworthy changes since 1.4.2:
>     * If available, cURL-based keyserver helpers are built that can
>       retrieve keys using HKP or any protocol that cURL supports
>       (HTTP, HTTPS, FTP, FTPS, etc).  If cURL is not available, HKP
>       and HTTP are still supported using a built-in cURL emulator.  To
>       force building the old pre-cURL keyserver helpers, use the
>       configure option --enable-old-keyserver-helpers.  Note that none
>       of this affects finger or LDAP support, which are unchanged.
>       Note also that a future version of GnuPG will remove the old
>       keyserver helpers altogether.
>     * Implemented Public Key Association (PKA) signature verification.
>       This uses special DNS records and notation data to associate a
>       mail address with an OpenPGP key to prove that mail coming from
>       that address is legitimate without the need for a full trust
>       path to the signing key.
>     * When exporting subkeys, those specified with a key ID or
>       fingerpint and the '!' suffix are now merged into one keyblock.
>     * Added "gpg-zip", a program to create encrypted archives that can
>       interoperate with PGP Zip.
>     * Added support for signing subkey cross-certification "back
>       signatures".  Requiring cross-certification to be present is
>       currently off by default, but will be changed to on by default
>       in the future, once more keys use it.  A new "cross-certify"
>       command in the --edit-key menu can be used to update signing
>       subkeys to have cross-certification.
>     * The key cleaning options for --import-options and
>       --export-options have been further polished.  "import-clean" and
>       "export-clean" replace the older
>       import-clean-sigs/import-clean-uids and
>       export-clean-sigs/export-clean-uids option pairs.
>     * New "minimize" command in the --edit-key menu removes everything
>       that can be removed from a key, rendering it as small as
>       possible.  There are corresponding "export-minimal" and
>       "import-minimal" commands for --export-options and
>       --import-options.
>     * New --fetch-keys command to retrieve keys by specifying a URI.
>       This allows direct key retrieval from a web page or other
>       location that can be specified in a URI.  Available protocols
>       are HTTP and finger, plus anything that cURL supplies, if built
>       with cURL support.
>     * Files containing several signed messages are not allowed any
>       longer as there is no clean way to report the status of such
>       files back to the caller.  To partly revert to the old behaviour
>       the new option --allow-multisig-verification may be used.
>     * The keyserver helpers can now handle keys in either ASCII armor
>       or binary format.
>     * New auto-key-locate option that takes an ordered list of methods
>       to locate a key if it is not available at encryption time (-r or
>       --recipient).  Possible methods include "cert" (use DNS CERT as
>       per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
>       server for the domain in question), "keyserver" (use the
>       currently defined keyserver), as well as arbitrary keyserver
>       URIs that will be contacted for the key.
>     * Able to retrieve keys using DNS CERT records as per RFC-2538bis
>       (currently in draft): http://www.josefsson.org/rfc2538bis
> Happy Hacking,
>   David, Timo, Werner
> ------------------------------------------------------------------------
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Version: GnuPG v1.4.3rc2 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Gnupg-users mailing list