-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/20/2014 01:52 PM, Werner Koch wrote: > On Thu, 20 Feb 2014 06:53, laurent.ju...@skynet.be said: > >> ...OK, stamping "emit-version" twice in GNUPG.CONF restores >> version like in my signature below. But what was the purpose of >> this feature? > > It is an old contentious point. Some claim that the exact version > is helpful to locate vulnerable implementations. Other do not > agree with that and like to have the version number to have some > insight into which versions are actually in use. In the light of > recent events the first group got more traction and thus I changed > the default. However, I kept the major version number because it > is quite interesting to notice the usage of GnuPG-2 compared to > -1.
Another factor to consider here is also that major distributions backport security fixes without bumping minor and patch versions. So the version information doesn't necessarily provide a good picture of the state of a system. I support just reporting the major version (as I agree this can be of interest) and maybe when 2.1 comes out separate between 2.0 and 2.1 in some way (i.e. include minor as well). Although this isn't strictly speaking from a usability perspective (as the capabilities of a given user's implementation would be presented in the key preferences), it might have some value in tracking upgrade adoption. - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "A government that robs Peter to pay Paul can always depend on the support of Paul." (George Bernard Shaw) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTBf8PAAoJEPw7F94F4TagLEYP/1FeTe/PLm6L7bhjdIvIRYmD DIhYx94lNyJWN9IDUemR+7PLDNgvmBYHy8squF7coC/4e+7wQ/S6iPvZpCFyGHBZ eOZjXHOtESzBkPs8Js5QriRXJASEVAG/aGrOdZPCE4PUnNa5QtAll9mmb8AV1K7y v3bSIhRga3P93wNnXIxfJ5Qc/Gb+8LB61KWD8LeE959sk6YvJYdFKVUpuCPs2y+O W808gksN4o3sonLQv9ghgjTBO+zGDIKQLSBGv5GcIaxqBv+Wf5V9f9VO06dUodGu 1AbxvJL5LqgWGyM1WXJSbBLK1GZH6fehNZ/GS2PKtAwLzHLofoTRCNHc5V9+Fz9s NsfskHe1X5+PL3kTh8TaXQYr2OjeUhdGaEgfx3Y++TshljUsUzMEmT38zrJiAC5A PJRniei9VRZb1uTqPXbqrUNas2l+3zFQKNZZ3PdLMyGhQJNtKtsmb5Ijv8RXsncV wWWeAvoT4irnwp7WmqUXKVEeM6v9URbgD9uhkjE2/JcG7GFi6z9hI0x9VlqfIYBt DImN9jB9y1S8qubnozag9Ui+d0eR7TKKRNMOCEaA51Qwis3r1i+RGtApe9I98MzZ h/PNyf8/RACLkc1MgDvYSbbNcZYUpxbCbC0vrwde/1hESJ+IK8ub4Dlxdq4GXzJN JouwGHHzirUssDAMxb7w =PA4n -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
