Samuel Thibault writes ("Re: use long keyid-format in gpg.conf (Re: Key
collisions in the wild"):
> Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote:
> > I don't know what side of this (one) line such a proposed gpg change
> > falls. I still think it's unsatisfactory that our stable release has
> > a default behaviour which cannot be used safely.
>
> Well, I'd argue that 64bit IDs are not safe either, they have not been
> made to be.
This is precisely the kind of point I was thinking of when I wrote:
Even if long keyids are not sufficient, they are a big improvement and
we should not let fixing this problem properly stand in the way of
doing what we can, now.
This is now the second time I have cut and pasted that into this
thread. I feel frustrated.
Did you miss that paragraph the first two times (in which case I guess
me repeating it was useful) ? Or did you disagree with me ? If you
disagreed, it would be helpful if you explained why, and what you
think we should do for users of jessie.
Thanks,
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
