Am 17.02.2015 um 07:53 schrieb Sandeep Murthy :
>> I'm guessing because you need an SSH key at GitHub in order to pull via SSH.
>> Yet another problem solved by git modules.
>>
>> Still, they could have at least changed it to https.
>
> GitHub supports pull/push via SSH or HTTPS therefore you c
On Tue, 17 Feb 2015 00:16:26 +, MFPA stated:
> I like that advantage of keeping it all visible in the message body.
That is the reason I detest INLINE as opposed to PGP/MIME. The insertion of
superfluous garbage in the message body is annoying to say the least. Worse,
since most users have no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/17/2015 02:21 AM, Robert J. Hansen wrote:
> Is there any explanation for this behavior, or is this a 2.1.2
> bug? (This is using Patrick's OS X package, if that matters. It
> also affects all keyservers I tested, not just the round-robin
> fro
On Tue, 17 Feb 2015 02:21, r...@sixdemonbag.org said:
> quorra:~ rjh$ gpg - --keyserver x-hkp://pool.sks-keyservers.net
> --recv-key 0xD6B98E10
> gpg: using character set 'utf-8'
> gpg: keyserver receive failed: No route to host
It should have swithed to the next host of the
On Tue, 17 Feb 2015 00:53, h...@barrera.io said:
> git://github.com...", since any malicious attacker can intercept that
> communication. There's no checksuming or anything to make this difficult *at
> all*.
>
> What *does* suprise me is that there's a commit to specifically remove git+ssh
> in fa
On Mon, 16 Feb 2015 22:48, js-gnupg-us...@webkeks.org said:
> @bash -c "$$(curl -fsSL
> https://raw.github.com/GPGTools/GPGTools_Core/master/newBuildSystem/prepare-core.sh)"
Bad idea to directly run code from a foreign remote site. I'd
appreciate if someone from gpgtools.org can comment
> You don't know that the hosts in those two situations are the
> same...
I know, which is why I said:
> It also affects all keyservers I tested, not just the round-robin
> front-end.
I tried several different non-round-robin servers. Same thing.
__
I have posted a message in the GPG Tools support forum
copying the original post in this thread, letting the developers
know of the concerns raised here.
Perhaps you will see some comments in the near future.
Sandeep Murthy
s.mur...@mykolab.com
> On 17 Feb 2015, at 13:31, Werner Koch wrote:
>
>
>> http://support.gpgtools.org/
>
> If you are a security project, you should be thankful for people reporting
> bugs, not trying to make it as hard as possible to report a serious bug. This
> looks like more of a "users help users" forum kind of thing, nothing where
> you would want to rep
On Mon, 16 Feb 2015 20:40, m...@rainerkeller.de said:
> For me it looks like the authentication private key uses the encryption pin
> (Auth ID 0x02) while it should use the signature pin.
> It tried to set the encryption pin via "pkcs15-tool --auth-id 02
[ You should not use this tool for the Op
On 2015-02-17 11:01, Jonathan Schleifer wrote:
>
> I disagree. The developers are not capable of writing secure software, as
> demonstrated (several times even, it seems). It would be best to advise to
> never use that at all and then write new software, if there's demand for it.
> It's sometim
>
> Actually, I've noticed that there was a very quick reply to this when it was
> brought to the dev's attention. I'll leave this here for anyone else
> interested
> in following-up:
>
>
> https://github.com/GPGTools/GPGTools_Core/commit/5186bade36acedfdc0b76f9f5ddfcfc004ec698b
>
> I'm not a
I’ve had some concerns about GPGTools for months now. For some time I've
disliked the way the project is being run, the communication of what they are
planning and the way they have been doing their development for example. Months
went by when their Yosemite betas were not available in source at
On 17.02.2015, Werner Koch wrote:
> git meanwhile allows to sign commits. If anyone knows a method to set a
> different key for tagging and commits, I would soon start to sign each
> commit.
I can be seriously wrong, but is that not something the LKML people do?
__
On Tue, Feb 17, 2015 at 6:00 PM, Ville Määttä
wrote:
> Instead they should use upstream and contribute the minimal amount of
> wrappers or fixes upstream. Case in point: Has the fix for gpg-agent /
> scdaemon hang been discussed upstream at all [4], [5]? In MacGPG there is
> still ../libexec/gn
> gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
Okay. I have no idea what I'm looking for, but here goes.
quorra:~ rjh$ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 pool.sks-keyservers.net
S # . pool.
> On 17 Feb 2015, at 18:31, Martin Paljak wrote:
>
> Not sure about overall GnuPG affection with Apple or other closed
> source software, but the PC/SC layer in Yosemite is broken (again):
>
> http://ludovicrousseau.blogspot.fr/2014/12/os-x-yosemite-and-smart-cards-known-bugs.html
Yeah, Apple h
> On 17 Feb 2015, at 21:03, Sandeep Murthy wrote:
>
> As a user, not a developer on MacGPG, the issues previously
> raised here about the remote execution of scripts etc. may be
> questionable, but they do not directly affect my use of the software,
> which is nothing but a front end for GnuPG.
I suppose if you were conceited enough to describe yourself
as a “power user” then you might be dumb enough to think
that people who use GPG Suite are “dumb users”.
Platform fanatics and those make an easy job of caricaturing
themselves in their fanaticism for a “pure setup”, which is an
illusion.
> On 17 Feb 2015, at 21:16, Juergen Fenn wrote:
>
> as you've pointed
> out, the GPGTools have decided to go all commercial including, I
> didn't realise this before, a closed code repository so that no one
> can study the code? Is this true? I can't believe it.
That’s not quite true. They must
Jerry writes:
>> ...Worse,
>> since most users have no concept of "trimming" a message before replying to
>> it, even more useless garbage is transmitted when replied to, thus killing
>> more innocent electrons and wasting bandwidth not to mention the consumption
>> of screen territory.
Does that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a private key I am trying to recover the passphrase hash from
to try and then use in conjunction with another tool (hashcat?) to
recover the passphrase on a GPU cluster I have.
How would one go about extracting the passphrase hash from the
2015-02-17 17:31 GMT+01:00 Martin Paljak :
> So, generally speaking: if the upstream has not catered to the OSX
> folks and somebody on the internet has, I would not blame GPGTools
> guys for doing it. Yes, it would be nice if one at least tried to
> contribute back to upstream and to work in an o
I would also add that if you agree that more people should
be using encryption in more forms then the way to go is
to make it more more usable and user friendly (and at the
moment the standard GnuPG version can’t exactly be described as
that) then this is not an aspiration that should be described
I have successfully compile gnupg 2.0.26 on Solaris 10 using gcc (GCC)
3.4.3 (csl-sol210-3_4-branch+sol_rpath)
But it fails openpgp tests, and all executable exit with an "Abort" message.
I cannot determine what is causing this abort, but it I can
successfullyexecute programs to generate keys. De
On 2/17/15 12:12 PM, Errol Casey wrote:
gpg: WARNING: unsafe ownership on homedir `.'
What are the permissions on your home directory, and your ~/.gnupg
directory?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/
Hi all,
since we’ve only now subscribed to the gnupg-users list, unfortunately we can’t
reply to the correct message in the thread.
First off we’d like to apologize for not reacting sooner to this issue. We only
today became aware of it, when we received a message on our support platform
(than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, Feb 17, 2015, at 10:48, Thomas White wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> I have a private key I am trying to recover the passphrase hash from
> to try and then use in conjunction with another tool (hashcat?)
On Tue 2015-02-17 13:48:26 -0500, Thomas White wrote:
> I have a private key I am trying to recover the passphrase hash from
> to try and then use in conjunction with another tool (hashcat?) to
> recover the passphrase on a GPU cluster I have.
>
> How would one go about extracting the passphrase ha
On Tue, 17 Feb 2015 20:23, r...@sixdemonbag.org said:
> S # . pool.sks-keyservers.net
> S # . --> 6 8 1 13 20 4 10 11 7 2 15 5 12 17 9 19* 14 3 16 18
> S # 19 6 sks.spodhuis.org v6=[2a02:898:31::48:4558:73:6b73]
You are using this keyserver. ping6 shows that this server is curr
On Tue, 17 Feb 2015 21:12, er...@askerrol.org said:
> But it fails openpgp tests, and all executable exit with an "Abort" message.
Please run such an executable under a debugger and privide a stack
backtrace. Using gdb you would use:
gdb g10/gpg
then enter "break abort", "run", and after
> You are using this keyserver. ping6 shows that this server is
> currently up. May it be that your v6 routing is not working
> correct?
I don't have IPv6 routing, period. This raises the question of why
GnuPG is trying to reach an IPv6 address at all.
Worked fine under 2.0.x; under 2.1, this
On Tue, 17 Feb 2015 17:00, mailing-li...@asatiifm.net said:
> command line tools. *I think there is no more reason to develop
> MacGPG*, i.e. a port, anymore. Let the port die.
Can you briefly explain how Patrick's new installer [1] is related to that?
Would it be an option to use that as the cor
On Tue, 17 Feb 2015 17:31, mar...@martinpaljak.net said:
> GnuPG just got a huge sum of money, I'm sure arrangements can be made
> to allocate some of that for a easy to use and *free* OSX version with
> an integrated GUI ?
I would consider it unfair to all true free software developers to take
t
Hi,
in order to announce my new GPG key< I have written a key transition
document.
I am at the step where I should/must sign it with both keys (old and
new one).
I can sign (inline) my document using this:
gpg --output keytransition.signed --clearsign keytransition.txt
This works for one GPG k
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/18/2015 07:31 AM, Xavier Maillard wrote:
> Hi,
>
> in order to announce my new GPG key< I have written a key
> transition document.
>
>
> gpg --output keytransition.signed --clearsign keytransition.txt
>
> This works for one GPG key but h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
>
> gpg -u -u --clearsign keytransition.txt >
> keytransition.signed2
>
woops, forget about the '> keytransition.signed2' part. Just running
with --clearsign will give you a keytransition.txt.asc file
automatically.
- --
Jesper Hess Nielsen
37 matches
Mail list logo
