GnuTLS 2.3.12 - second release candidate for 2.4.0

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Jun 9 14:01:17 CEST 2008


On Mon, Jun 9, 2008 at 12:57 AM, Daniel Kahn Gillmor
<dkg-debian.org at fifthhorseman.net> wrote:

> It's not clear to me if you mean that this should be resolved in
> 2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
> resolved in 2.3.12 yet.  In particular, it appears to fail open: when
> one userid is verified, it treats them all as verified, even User IDs
> that have no certifications other than self-signatures.

> When i run the tests from
> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
> against the 2.3.12 packages in debian experimental, i get the
> following output:

Hello Daniel!
 I was talking about a recent commit in the git repository. I've also
modified your tests to check the gnutls behaviour (as it is now both
of your tests should fail). The new behaviour is to consider not
verified all openpgp keys that have at least one unsigned by a trusted
party user id.

regards,
Nikos





More information about the Gnutls-devel mailing list