Generating revocation certificate
Peter Lebbing
peter at digitalbrains.com
Thu Apr 11 10:24:40 CEST 2019
On 11/04/2019 02:37, Ángel wrote:
> Why should I need to remember to manually add that .'2' every time?
Because, as I said, it might silently corrupt the functioning of a
utility that expects "gpg" to be 1.4 and not 2.1. There are quite a lot
of utilities out there that parse the output of the gpg command in a way
that is not sufficiently robust. The different output generated by 2.1
might cause such a utility to misinterpret it, and silently accept an
invalid signature. The purpose of calling gpg to verify a signature was
surely to reject invalid signatures, so you might expose yourself to
attackers that way.
Depending on how the utility calls "gpg", it might be affected by your
alias and end up calling "gpg2".
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190411/ee19f6c7/attachment.sig>
More information about the Gnupg-users
mailing list