gpg 1.4.16 Windows - version info

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/20/2014 01:52 PM, Werner Koch wrote:
> On Thu, 20 Feb 2014 06:53, laurent.jumet at skynet.be said:
> 
>> ...OK, stamping "emit-version" twice in GNUPG.CONF restores
>> version like in my signature below. But what was the purpose of
>> this feature?
> 
> It is an old contentious point.  Some claim that the exact version
> is helpful to locate vulnerable implementations.  Other do not
> agree with that and like to have the version number to have some
> insight into which versions are actually in use.  In the light of
> recent events the first group got more traction and thus I changed
> the default.  However, I kept the major version number because it
> is quite interesting to notice the usage of GnuPG-2 compared to
> -1.

Another factor to consider here is also that major distributions
backport security fixes without bumping minor and patch versions. So
the version information doesn't necessarily provide a good picture of
the state of a system.

I support just reporting the major version (as I agree this can be of
interest) and maybe when 2.1 comes out separate between 2.0 and 2.1 in
some way (i.e. include minor as well). Although this isn't strictly
speaking from a usability perspective (as the capabilities of a given
user's implementation would be presented in the key preferences), it
might have some value in tracking upgrade adoption.

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"A government that robs Peter to pay Paul can always depend on the
support of Paul."
(George Bernard Shaw)
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTBf8PAAoJEPw7F94F4TagLEYP/1FeTe/PLm6L7bhjdIvIRYmD
DIhYx94lNyJWN9IDUemR+7PLDNgvmBYHy8squF7coC/4e+7wQ/S6iPvZpCFyGHBZ
eOZjXHOtESzBkPs8Js5QriRXJASEVAG/aGrOdZPCE4PUnNa5QtAll9mmb8AV1K7y
v3bSIhRga3P93wNnXIxfJ5Qc/Gb+8LB61KWD8LeE959sk6YvJYdFKVUpuCPs2y+O
W808gksN4o3sonLQv9ghgjTBO+zGDIKQLSBGv5GcIaxqBv+Wf5V9f9VO06dUodGu
1AbxvJL5LqgWGyM1WXJSbBLK1GZH6fehNZ/GS2PKtAwLzHLofoTRCNHc5V9+Fz9s
NsfskHe1X5+PL3kTh8TaXQYr2OjeUhdGaEgfx3Y++TshljUsUzMEmT38zrJiAC5A
PJRniei9VRZb1uTqPXbqrUNas2l+3zFQKNZZ3PdLMyGhQJNtKtsmb5Ijv8RXsncV
wWWeAvoT4irnwp7WmqUXKVEeM6v9URbgD9uhkjE2/JcG7GFi6z9hI0x9VlqfIYBt
DImN9jB9y1S8qubnozag9Ui+d0eR7TKKRNMOCEaA51Qwis3r1i+RGtApe9I98MzZ
h/PNyf8/RACLkc1MgDvYSbbNcZYUpxbCbC0vrwde/1hESJ+IK8ub4Dlxdq4GXzJN
JouwGHHzirUssDAMxb7w
=PA4n
-----END PGP SIGNATURE-----