On 10/08/16 15:19, Samuel Thibault wrote:
> Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote:
>> Adam D. Barratt writes ("Re: use long keyid-format in gpg.conf (Re: Key
>> collisions in the wild"):
>>> [explanation]
>>
>> Thanks.
>>
>> I don't know what side of this (one) line such a proposed gpg change
>> falls. I still think it's unsatisfactory that our stable release has
>> a default behaviour which cannot be used safely.
>
> Well, I'd argue that 64bit IDs are not safe either, they have not been
> made to be.
>
> Samuel

Upstream has introduced --keyid-format=none which shows the full
fingerprint, and then made it the default.

Issue: [default to --with-fingerprint, introduce --without-fingerprint]
https://bugs.gnupg.org/gnupg/issue2379

Commit: [gpg: Implement --keyid-format=none.]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=b047388

Commit: [gpg: Use --keyid-format=none by default.]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7257ea2

This seems much safer than 64bit IDs. Maybe a backport of this is feasible?