gpg4win expired code signing cert; please renew.
Robert J. Hansen
rjh at sixdemonbag.org
Fri Oct 17 11:39:43 CEST 2025
> IMO, a bad Authenticode signature which *actually* fails validation
> with error on Microsoft OS is a bug in beta-369. Well, beta means
> to shake out bugs! I respectfully suggest these fixes:
I agree this is a bug in beta-369 that needs fixing.
Werner has said it will be fixed prior to the official 5.0 release.
That's enough for me: the bug has been reported, received, and an action
plan for it exists.
> 2. Review gpg4win release engineering procedure to add guardrail
> check for invalid Authenticode sig. To protect non-beta releases,
> too, automated regression test...
I hate to be the one to tell you this, but GnuPG has no continuous
integration and not much in the way of automated regression tests. (I
have not looked for these things lately: it's possible they've been
recently introduced.)
I don't disagree that CI is useful and that it would be nice to see
GnuPG adopt it. However, I wouldn't hold my breath waiting.
> I myself can easily verify your PGP dist sig. But this does not
> help the PGP-newbie...
(a) it's not PGP, which is a trademark of ... I think Broadcom bought
the rights to Symantec which bought the rights from ... man, keeping
track of who owns the PGP intellectual property is just too much work.
But it's proprietary and belongs to someone else. Let's not use those
letters. :)
(b) the relevant standard is LibrePGP, which is not trademarked.
(c) if this user is new to GnuPG, please don't start them off on a beta
release. Beta releases have bugs and inadequacies and the documentation
is often not ready and everything else. Please stick to official releases.
Yes, this means you'll not be able to use FIPS 203 and PQC. Fortunately,
that really doesn't matter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251017/601aea74/attachment.sig>
More information about the Gnupg-users
mailing list