Dan Boger writes:
> On Fri, Oct 20, 2000 at 05:02:57PM +0930, Brian Salter-Duke wrote:
> > I recently decided to try GnuPG after using only pgp2 off and on for
> > some years. It was only after I downloaded it and played with it for a
> > while, that I realised that version 1.0.3 was very recent. I had got in
I strongly suggest to use 1.0.4 instead. All versions up to and including
1.0.3 have a serious bug:
Noteworthy changes in version 1.0.4 (2000-10-17)
------------------------------------------------
* Fixed a serious bug which could lead to false signature verification
results when more than one signature is fed to gpg. This is the
primary reason for releasing this version.
[...]
> > right at the beginning of a new version. This new version incorporates
> > RSA which I understand came out of copyright only in September.
> >
> > This allows one I gather to encrypt in a manner compatible with pgp2.
>
> I believe the gpg only deciphers with RSA, and doesn't encrypt using it.
> Sorry, but I wouldn't know anything about pgp2 though...
This is correct.
Noteworthy changes in version 1.0.3 (2000-09-18)
------------------------------------------------
[...]
* RSA is supported. Key generation does not yet work but will come
soon.
