Package: duplicity
Version: 0.6.18-1
Severity: normal

The documentation for --sign-key in the duplicity manpage says:

--sign-key key
       This option can be used when backing up, restoring or verifying.
       When backing up, all backup files will be signed with keyid key.
       When restoring, duplicity will signal an error if any remote
       file is not signed with the given keyid.  key should be an 8
       character hex string, like AA0E73D2.

8-character key IDs ("short key IDs") do not precisely identify a GPG
key, and a modest amount of compute time allows generating a key with a
conflicting 8-character key ID.  Please only recommend the use of full
40-character key fingerprints to identify GPG keys.

See http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
for more information on the security problems with short key IDs.

- Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages duplicity depends on:
ii  libc6                  2.13-32
ii  librsync1              0.9.7-9
ii  python                 2.7.2-10
ii  python-gnupginterface  0.3.2-9.1
ii  python2.7              2.7.3~rc2-2.1

Versions of packages duplicity recommends:
ii  python-paramiko  1.7.7.1-2
ii  rsync            3.0.9-1

Versions of packages duplicity suggests:
pn  lftp               <none>
pn  ncftp              <none>
pn  python-boto        <none>
pn  python-cloudfiles  <none>
pn  python-gdata       <none>
pn  python-pexpect     2.4-1
pn  tahoe-lafs         <none>

-- no debconf information
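
An added example, not part of the original report or of duplicity's own code: a check that accepts only full 40-character fingerprints for an option such as --sign-key, and that flags keyring entries whose 8-character IDs coincide. It relies on a v4 OpenPGP short key ID being the last 8 hex digits of the fingerprint; the function names and the sample fingerprints are constructed for illustration.

```python
import re
from collections import defaultdict

_HEX = re.compile(r"^[0-9A-F]+$")
_KINDS = {8: "short-id", 16: "long-id", 40: "fingerprint"}


def normalize(key):
    """Drop whitespace and an optional 0x prefix, return upper-case hex."""
    k = "".join(key.split()).upper()
    if k.startswith("0X"):
        k = k[2:]
    if not _HEX.match(k):
        raise ValueError("not a hex key identifier: %r" % (key,))
    return k


def classify(key):
    """Return 'short-id', 'long-id', 'fingerprint' or 'invalid'."""
    return _KINDS.get(len(normalize(key)), "invalid")


def require_fingerprint(key):
    """Accept only a full 40-hex-digit fingerprint; reject key IDs."""
    k = normalize(key)
    if len(k) != 40:
        raise ValueError("%s given; a 40-character fingerprint is required"
                         % classify(key))
    return k


def short_id(fingerprint):
    """Short key ID of a v4 key: the low-order 32 bits of the fingerprint."""
    return require_fingerprint(fingerprint)[-8:]


def ambiguous_short_ids(fingerprints):
    """Map each short ID shared by more than one key to those fingerprints."""
    by_short = defaultdict(set)
    for fpr in fingerprints:
        by_short[short_id(fpr)].add(require_fingerprint(fpr))
    return {s: sorted(f) for s, f in by_short.items() if len(f) > 1}


# Constructed sample keyring (not real keys): the first two entries differ
# in every leading digit but share the short ID from the manpage example.
KEYRING = [
    "0123456789ABCDEF0123456789ABCDEFAA0E73D2",
    "FEDCBA9876543210FEDCBA9876543210AA0E73D2",
    "1111222233334444555566667777888899990000",
]
```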


