On Tue 2025-05-27 20:34:40 +0200, Sune Stolborg Vuorela wrote:
> On Tuesday, May 27, 2025 6:14:53 PM CEST Daniel Kahn Gillmor wrote:
>> I can take a look and see whether it's possible to get both kinds of
>> benefits -- standards compliance and reduced attack surface -- but i'd
>> certainly appreci
On Tuesday, May 27, 2025 6:14:53 PM CEST Daniel Kahn Gillmor wrote:
> I can take a look and see whether it's possible to get both kinds of
> benefits -- standards compliance and reduced attack surface -- but i'd
> certainly appreciate some upstream support in doing so.
Did you check the upstream c
On Tue 2025-05-27 10:40:29 +0200, Sune Stolborg Vuorela wrote:
> Now that sequoia also thinks that having non-critical packets anywhere, can we
> also let GnuPG do it, right?
>
> https://gitlab.com/sequoia-pgp/sequoia/-/issues/1193#note_2522532582
An argument from a close read of the specific
On Saturday, May 17, 2025 12:25:31 AM CEST Daniel Kahn Gillmor wrote:
> > And these private packets are fully compliant. It is in the spec after
> > all.
>
> What is in the spec? Public key packets are *also* in the spec, but
> they don't belong in a detached signature, which is what is described
On Tuesday, May 20, 2025 10:23:03 PM CEST you wrote:
> What i'm hearing from this is that poppler wants interoperability with
> other GnuPG installations, but not with other OpenPGP installations.
>
> Is that correct? That doesn't seem like a great strategy for Poppler,
> or for the PDF ecosyste
On Sun 2025-05-18 20:02:28 +0200, Sune Stolborg Vuorela wrote:
> This work in poppler has been done in full cooperation with GnuPG upstream, it
> is in the GnuPG backend of poppler and these signatures are created in
> g10code's namespace in the pdf files. (g10c.pgp.signature.detached)
What i'
On Sunday, May 18, 2025 5:12:33 AM CEST Daniel Kahn Gillmor wrote:
> potentially any future versions of GnuPG that decide to limit exposure
> to their message parser in a detached signature context.
Before this change in poppler, the GnuPG backend already required a
functioning GnuPG suite setup.
Hi Sune--
On Sat 2025-05-17 20:01:48 +0200, Sune Stolborg Vuorela wrote:
> What is - to you - the purpose of the reserved packet space around
> 61-63 in any of the pgp related standards?
It's not really up to me, for what it's worth. I'm basing my answers
on:
https://www.rfc-editor.org/rfc/rfc
On Saturday, May 17, 2025 12:25:31 AM CEST Daniel Kahn Gillmor wrote:
> Hi Sune--
>
> Thanks for following up here.
Let me ask you a completely different question. What is - to you - the purpose
of the reserved packet space around 61-63 in any of the pgp related standards?
What's the purpose of
Hi Sune--
Thanks for following up here.
On Fri 2025-05-16 19:41:54 +0200, Sune Stolborg Vuorela wrote:
> I'm not sure why all of this matters; there are others that expect gnupg in
> Debian to validate and fail things in a similar way to gnupg-from-upstream and
> gnupg-in-other distribution
Hi Daniel
Thank you for your reply.
I'm not sure why all of this matters; there are others that expect gnupg in
Debian to validate and fail things in a similar way to gnupg-from-upstream and
gnupg-in-other distributions.
I don't think that is an unreasonable request.
And poppler is released
Hi Sune--
On Fri 2025-05-16 10:33:28 -0400, Daniel Kahn Gillmor wrote:
> Looking at your sample PDF (thanks for the link!) it appears that it is
> a comment packet of length 0x24d4 containing all zeros. What is the
> purpose of this packet? Why is it being included?
>
> Rather than increasing th
Hi Sune--
Thanks for this report. Do you know what tooling is generating these
packets for poppler?
In GnuPG right now (even without the patch you identified), those
packets are generally ignored.
On Fri 2025-05-16 12:01:38 +0200, Sune Stolborg Vuorela wrote:
> On Thursday, May 15, 2025 2:04:43
On Thursday, May 15, 2025 2:04:43 PM CEST Sune Stolborg Vuorela wrote:
> The signature blob is a detached signature packet followed by a finite
> length comment packet.
A comment package here is what GnuPG calls PKT_COMMENT, it has datavalue 61.
And in most/all openpgp (and librepgp) specs this i
On Thursday, May 15, 2025 12:19:32 PM CEST Sune Stolborg Vuorela wrote:
> Since
> https://salsa.debian.org/debian/gnupg2/-/blob/debian/unstable/debian/patches/freepg/0019-Disallow-compressed-signatures-and-certificates.patch?ref_type=heads#L188
> This change also breaks the part of Poppler'
Package: gnupg
Version: 2.4.6-7
Severity: important
Hi
Since
https://salsa.debian.org/debian/gnupg2/-/blob/debian/unstable/debian/patches/freepg/0019-Disallow-compressed-signatures-and-certificates.patch?ref_type=heads#L188
GnuPG-in-debian has stopped accepting comment packets in detached sig
16 matches