[Announce] A new GnuPG snapshot (unstable)
Werner Koch
wk at gnupg.org
Tue Oct 23 19:26:02 CEST 2001
Hi,
after messing around with autoconf 1.5 for quite some time, I finally
was able to release a new DEVELOPMENT snapshot of GnuPG:
*PLEASE READ THIS ENTIRE ANNOUNCEMENT BEFORE YOU START TO PLAY*
ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b.tar.gz (1.9M)
ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b.tar.gz.sig
Please find a list of mirrors at http://www.gnupg.org/mirrors.html
Again I changed quite a lot of things. Using this version with a
current keyring renders the keyring unreadable for any previous GnuPG
versions. So I did WARN YOU ABOUT THESE INCOMPATIBLE CHANGES - please
don't complain that it destroyed all your keys. Actually this
incompatibility is due to a bug in the older versions which are not
able to cope with trust packet larger than one byte. You can use
--export as an escape hatch because trust packets are never exported.
There are 2 major changes in this release:
* The caching of the signature verification status changed from
using special signature subpackets to the use of the trust
packets. You can (and should) rebuild this key cache using the
new command "gpg --rebuild-keydb-caches"
* The format of the TrustDB and the way it works has entirely be
rewritten. gpg tries to migrate to the new format but this code
is obviously not very well tested, so you might want to make a
backup of our ownertrust values first.
The validity of the key is now checked every time you insert a new
key or signature and when a key or a signature expires. This
automatic check can be disabled and replaced by a cron job which
does an "gpg --check-trustdb" every night or so.
To assign an ownertrust, you can either do this in the edit menu
or use the command "gpg --update-trustdb" which does the
maintenance pass in a similar manner you probably know from PGP 2.
Both changes should speed up the operation on large keyrings quite a
lot so that "gpg --list-keys --with-colons" is actually usable.
Also a couple of bug fixes and some other code cleanups are in this
release. There is still a long list of open bugs but I think it is
important to get the new code tested first. The Windows and Acorn
ports won't work yet due to file sharing issues.
Changes since 1.0.6a:
* The way signature stati are store has changed, so that v3
signatures can be supported. To increase the speed of many
operations for existing keys you can use the new
--rebuild-keydb-caches command.
* The entire key validation process (trustdb) has been revamped.
See the man page entries for --update-trustdb, --check-trustdb
and --no-auto-check-trustdb.
* --trusted-keys is again obsolete, --edit can be used to set the
ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
Changes since 1.0.6:
* New tool gpgsplit to split OpenPGP data formats into packets.
* New option --preserve-permissions.
* Subkeys created in the future are not used for encryption or
signing unless the new option --ignore-valid-from is used.
* Revoked user-IDs are not listed unless signatures are listed too
or we are in verbose mode.
* There is no default comment string with ascii armors anymore
except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the
primary UID, "setpref" and "updpref" can be used to change the
preferences.
* Fixed the preference handling; since 1.0.5 they were erroneously
matched against against the latest user ID and not the given one.
* RSA key generation.
* Merged Stefan's patches for RISC OS in. See comments in
scripts/build-riscos.
* It is now possible to sign and conventional encrypt a message (-cs).
* The MDC feature flag is supported and can be set by using
the "updpref" edit command.
* The status messages GOODSIG and BADSIG are now returning the primary
UID, encoded using %XX escaping (but with spaces left as spaces,
so that it should not break too much)
* Support for GDBM based keyrings has been removed.
* The entire keyring management has been revamped.
* The way signature stati are store has changed, so that v3
signatures can be supported. To increase the speed of many
operations for existing keys you can use the new
--rebuild-keydb-caches command.
* The entire key validation process (trustdb) has been revamped.
See the man page entries for --update-trustdb, --check-trustdb
and --no-auto-check-trustdb.
* --trusted-keys is again obsolete, --edit can be used to set the
ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
Take care,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
More information about the Gnupg-announce
mailing list