Sorry for reviving this old thread. But since you guys still don't accept bug
reports (why?!)…
I'm not sure whether this is better or worse than the old situation, but now
you include an unsigned binary in your tree that is executed as part of the
build process. Nowhere can be found what this b
On Thu, 05 Mar 2015 22:27:36 +, flapflap wrote:
> The current version (1.3) of Tails comes with GnuPG 1.4.12.
That's just not true. Not only is the gpg2 command available, but the change
log even explicitly states that GnuPG 2 was added to improve smartcard support.
--
Jonathan
pgpMrNu2r
On Tue, 10 Mar 2015 13:35:27 +0900, NIIBE Yutaka wrote:
> Confirmation push button would be a good idea, and I have been
> considering how we can enhance the OpenPGPcard specification so that
> we could do something like that for future implementation(s).
Does this really need to be part of the
On Wed, 04 Mar 2015 14:29:47 +0300, Robert Deroy wrote:
> How could i do for use gpg on a usb key, because i have no computer, i only
> go in cybercafé.
>
> I want to use the last version, 2.1.1, with gpa.
I woudl recommend to boot off a Tails USB stick, as everything else would be
way too ri
On Mon, 02 Mar 2015 22:24:45 +0100, Johan Wevers
wrote:
> For once, I've never heard of the police
> trying something like this to obtain confessions or information: the
> chance of failure in an indivicual case are too big.
I'm guessing the reason is more that this would be a legal mine field
On Mon, 2 Mar 2015 00:13:07 +0100, Ingo Klöcker wrote:
> On what kind of hardware? A high-end gamer PC? Or a low end mobile phone?
According to the paper, the goal is to take 4 minutes on an average PC and that
it shall be adjusted according to hardware improvements.
> There are much larger b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am 01.03.2015 um 23:25 schrieb Ingo Klöcker :
> And most spam is sent by bots. The spammers don't really care how much
> energy the bots burn. Yes, the amount of spam might decrease because
> the bots cannot hammer out that many bitmessages as SMTP
Am 01.03.2015 um 17:45 schrieb MFPA <2014-667rhzu3dc-lists-gro...@riseup.net>:
>> and also gets rid of spam
>> by requiring a proof of work to send something.
>
> Surely, "proof of work" is evidence of performing some otherwise
> unnecessary CPU cycles. This wastes energy. In a system used by
> b
Am 28.02.2015 um 19:15 schrieb Johan Wevers
> I'm not talking about mathematically proving something. After all, a
> government agency could make a false key with Werner Koch's name on it
> and send someone who looks like him with real ID documents to a
> keysigning party. Government-issued ID's
Am 28.02.2015 um 14:12 schrieb Peter Lebbing :
> On 28/02/15 14:06, Ralph Seichter wrote:
>> but PGP does not work for mass e-mail protection
>
> Let me stress again that the proper course might be to replace SMTP (e-mail)
> and
> then work from that. If you have a sieve and wish for something t
Am 22.02.2015 um 13:17 schrieb Roman Zechmeister :
> 1. On Mac OS X it's standard to use Xcode for builds and we're using it for
> pinentry-mac and all of our other tools.
> Is it okay for you, if we're using an Xcode-Project and Xcode, instead of
> plain automake, to build pinentry for Mac OS X
Am 20.02.2015 um 11:48 schrieb Lukas Pitschl :
> Pinentry-mac is one project we’ve „revived“ and thus only added stuff on top
> of the old code instead of refactoring it.
> We’ve been planning to do that for a long time now though, so we’ll
> definitely look into that and check out how other UIs
Great to see that you are planning on trying to bring things into shape so they
can get upstreamed.
Might I suggest that you start with pinentry? Currently, you import an old
pinentry release and then build a lot of things around it. It would be really
helpful if you could instead create a new
Am 20.02.2015 um 09:32 schrieb NdK :
> 1 - support for more keys (expired ENC keys, multiple signature keys)
And maybe for storing a certification key with a different PIN.
> 5 - possibility to export private keys to user-certified devices
That pretty much defeats the point of using a smart car
Am 19.02.2015 um 20:08 schrieb Werner Koch :
> Because I have to enter the PIN everytime (right, I do this on purpose),
> the RSA signatures a long, and I do not keep my signing key card
> inserted all the time. In fact I have to walk out of the office to pick
> it up.
Another approach is to not
Am 18.02.2015 um 16:05 schrieb Werner Koch :
> I also do this often to avoid cluttering the screen. No need to assume
> a backdoor. It is for a Mac and Mac users want a clean tty ;-)
I also like @ to hide useless output, but is downloading *and executing* from a
remote location really somethin
Am 18.02.2015 um 15:57 schrieb Werner Koch :
>> git commit -S
>>
>> You can just create an alias for that, I for example use git ci.
>
> I know that but I would like to have a different key for tag and commit.
> Requiring an option is just too cumbersome.
I don't really see how that is cumbers
Am 17.02.2015 um 15:14 schrieb Hugo Osvaldo Barrera :
> Actually, I've noticed that there was a very quick reply to this when it was
> brought to the dev's attention. I'll leave this here for anyone else
> interested
> in following-up:
>
>
> https://github.com/GPGTools/GPGTools_Core/commit/518
Am 17.02.2015 um 22:32 schrieb Lukas Pitschl :
> The best way to reach us is either our support platform at
> https://gpgtools.tenderapp.com or t...@gpgtools.org.
When I tried contacting you guys a little more than a month ago, there was no
e-mail to be found on the website. Only a support foru
Am 17.02.2015 um 20:16 schrieb Juergen Fenn :
> Enigmail has discussed recently to drop support for GnuPG1, making
> gpg-agent/pinentry a crucial issue on the Mac. The standard version of
> pinentry from MacPorts does not work properly out of the box.
For homebrew, there's a pinentry-mac formula,
Am 17.02.2015 um 17:00 schrieb Ville Määttä :
> Upstream still does have the issue which now seems to have been fixed in the
> fork but in a binary removed from upstream…
I really can not confirm this. I am running vanilla GnuPG 2.1.2 (built from
source) on Yosemite (10.10.2 to be exact) with a
Am 17.02.2015 um 14:58 schrieb Sandeep Murthy :
> FYI I think you haven’t really looked at the support forum. This page
>
> http://support.gpgtools.org/kb/faq/found-an-issue
>
> clearly lists instructions for submitting a bug. They are always interested
> in reproducible issues, and every week
Am 17.02.2015 um 14:31 schrieb Werner Koch :
> GnuPG's speedo build system also downloads stuff via the Makefile but it
> verifies the checksums before proceeding. The checksums are taken from a
> public file which has a detached signature and the public key for that
> is one of the GnuPG release
Am 17.02.2015 um 14:22 schrieb Werner Koch :
> I do not think that it matters whether you pull using the git or the ssh
> protocol. In both cases an active attacker can intercept the traffic
> easily. Virtually nobody checks ssh host keys and how should they do it
> given that I can't find its f
Am 17.02.2015 um 07:53 schrieb Sandeep Murthy :
>> I'm guessing because you need an SSH key at GitHub in order to pull via SSH.
>> Yet another problem solved by git modules.
>>
>> Still, they could have at least changed it to https.
>
> GitHub supports pull/push via SSH or HTTPS therefore you c
Am 17.02.2015 um 00:53 schrieb Hugo Osvaldo Barrera :
> It is true that there's a pretty big security hole there with "git clone
> git://github.com...", since any malicious attacker can intercept that
> communication. There's no checksuming or anything to make this difficult *at
> all*.
Well, thi
Am 17.02.2015 um 00:16 schrieb Sandeep Murthy :
> I think this is an exaggeration. I have been using MacGPG and the
> GPG Tools support forum for quite some time, and have brought a
> number of issues to their attention, including a couple of security
> related ones, like making their key fingerp
Hi!
I hereby request that MacGPG gets removed from gnupg.org due to serious
security concerns. Basically, the first thing the Makefile in all their repos /
tarballs does is this:
@bash -c "$$(curl -fsSL
https://raw.github.com/GPGTools/GPGTools_Core/master/newBuildSystem/prepare-core.sh
28 matches
Mail list logo
