From wk at gnupg.org Fri Jan 30 20:50:27 2004 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:35 2005 Subject: [Announce] Worm leaked through Message-ID: <87ad45w70c.fsf@alberti.g10code.de> Hi! As you might all have guessed, the recent worm mail used a faked From address which happens to be allowed to post to gnupg announce. Given that those worms are getting smarter and smarter in selecting address combination, we will have to implement stronger authentication checks to Mailman. Sorry for the trouble Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From dshaw at jabberwocky.com Fri Feb 27 02:12:11 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Feb 23 12:43:35 2005 Subject: [Announce] GnuPG 1.3.5 released (development) Message-ID: <20040227011211.GA21303@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will eventually become GnuPG 1.4. It will change with greater frequency than the 1.2.x "stable" branch, which will mainly be updated for bug fix reasons. The more GnuPG-familiar user is encouraged try this release (and the ones that will follow in the 1.3.x branch), and report back any problems to gnupg-devel@gnupg.org. In return, you get the latest code with the latest features. This release brings development fairly close to a good point for 1.4. If there is something that you do not like here, be it a missing feature, a UI choice, or, well, anything, now is the time to speak up. Once 1.3.x becomes the new stable, large changes will be unlikely. While we obviously cannot guarantee that every suggestion will be included, they will all be looked at. As always, note that while this code is stable enough for many uses, it is still the development branch. Mission-critical applications should always use the 1.2.x stable branch. The files are available from: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.5.tar.gz (1.9M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.5.tar.gz.sig or ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.5.tar.bz2 (1.5M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.5.tar.bz2.sig or ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.4-1.3.5.diff.gz (323k) MD5 checksums for the files are: e6b35d22f529ad8a625e46cdf224f1b0 gnupg-1.3.5.tar.gz c4b00adc6886cb2756124b3c46f3f677 gnupg-1.3.5.tar.bz2 3074a3f469e22ad9d836a8fd909f1d8a gnupg-1.3.4-1.3.5.diff.gz Noteworthy changes in version 1.3.5 (2004-02-26) - ------------------------------------------------ * New --min-cert-level option to disregard key signatures that are under a specified level. * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb". * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this. * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details. * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms. * New keyserver-option "http-proxy" to specify which proxy to use in the config file without using environment variables. * Added support for storing, retrieving, and searching for keys in LDAP servers. Note that this is different than the "LDAP keyserver" which was already (and remains) supported. * Added support for TLS and LDAPS session encryption for LDAP. * --show-session-key/--override-session-key now works with --symmetric messages. * The configure options --enable-rsa and --disable-rsa can now be used to enable or disable RSA support. This can be useful for embedded use where space is tight. --enable-minimal includes --disable-rsa. * The last support for Elgamal sign+encrypt keys has been removed. The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.5-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAkA+mWsqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJhucAoI0nWiEyjdrpsKgdrbzUMAelqCwpAJ9M r0QwDUUxTlg28FBolJgQNT5YXw== =Acoy -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Mar 30 06:01:35 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Feb 23 12:43:35 2005 Subject: [Announce] GnuPG 1.2.5 first release candidate Message-ID: <20040330040135.GB26384@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are pleased to announce the availability of the first release candidate for GnuPG 1.2.5: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz (3404k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz.sig or as a patch against 1.2.4: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.4-1.2.5rc1.diff.gz (676k) Mirrors are listed at http://www.gnupg.org/download/mirrors.html MD5 sums are: bfdabd51ae6f19441c580506f2a51b4a gnupg-1.2.4-1.2.5rc1.diff.gz b907b73fc139b213bcad089545c94dfb gnupg-1.2.5rc1.tar.gz 6a3f543732867149aaae27f0b780e08e gnupg-1.2.5rc1.tar.gz.sig As this is the stable branch, this release contains mostly bug and portability fixes. Please test this release and report any problems. Noteworthy changes since 1.2.4: * New --ask-cert-level/--no-ask-cert-level option to turn on and off the prompt for signature level when signing a key. Defaults to on. * New --min-cert-level option to disregard key signatures that are under a specified level. Defaults to 1 (i.e. don't disregard anything). * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb". * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this. * New --gpgconf-list command for internal use by the gpgconf utility from gnupg 1.9.x. * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details. * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms. Happy hacking, The GnuPG Team (David, Stefan, Timo, Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAkBo8R8qGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJW+0AoIFtD6YfSBjNY1OnzZVYpPT/6i1DAKCX Tv7qLF+YA6fIFLl+b+AhNS6rOw== =Us5+ -----END PGP SIGNATURE-----