[Announce] [security fix] GnuPG 1.4.15 released

[Olav Seyfarth]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi GnuPG users,

> I see at https://www.enigmail.net/documentation/quickstart-ch1.php that 
> GnuPG 2.0 is apparently recommended (at least for Windows).

You may use Enigmail with either GnuPG 1.4 or 2.0.

The reasons for the recommendation are that
- - there is a proper Windows installer for 2.0 and
- - gpgagent allows to cache multiple passphrases.

With just GnuPG 1.4 installed, Enigmail reverts to its old behavior and allows
to cache passphrases itself. While this allows to control within the GUI how
long a passphrase is cached, only one passprease is supported for all keys and
uses (sign, decrypt). Therefore, we urge people to use GnuPG 2.0 / gpgagent.

> Is upgrading to gpg 2.0.22 recommended vs 1.4.15?

If you're happy with just one passphrase, no. Never touch a running system ;-)

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/

iQGcBAEBAwAGBQJSUSU5AAoJEKGX32tq4e9WQugL/iVgifXVR50U+0HBlyK/jsK7
4qHlNOsUS9mih/UTmS0W9FjUVHaYK8/2sHyKPxpqw8xtU8VhAiumtBWaMFzleG+V
ap67bi36H6kNG3OqEU6gm0fvrOPg+dDoUorEakGECaPsxeKBGuNzWF7y/B4iniEI
8Y8tp1VvJokukFXEV0/lV1XbSXipf44gm75sM9Hq17EYqhEi0RiotADLQ92EcSmW
lSEteMNtgTMORUKp0EjTjUSrNLM4fR+uJONIvPVWZX9kfOY02awnBL6Yb4laAYXO
a3lejahIQOwFIqEi3e7chkACivXWA8fZPoKq9G62hLDWBuV8IcGCwAmjd71cfMAD
lZwjGyBrwLYkK7P6O+ld4B472oV6clPjkbaWMOVkyWAPcFVmyTIaTMDQQa7Dox30
62+dey5iVPFvg+UlN6ZR8oUsRdmpJG5gsSnmE0frC2lmFyg3y4yMy8jp+MQmCbQD
XGhmGtQ+alOx1eim8W4qKuiZVdiHPeYLWhViMP1tTQ==
=SB0V
-----END PGP SIGNATURE-----