GnuPG new releases (Well, not *that* new)
dugan at passwall.com
dugan at passwall.com
Sun Dec 29 13:46:25 PST 2002
Howdy y'all,
Just an FYI: I noticed a new version of gpg (GnuPG)
Bug fix from 1.2.0 to 1.2.1:
http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/000256.html
Improvements since 1.2.0 to 1.0.7:
http://lists.gnupg.org/pipermail/gnupg-announce/2002q3/000252.html Many
distros start with so diff 1.0.6 - 1.0.6 to 1.0.7:
http://lists.gnupg.org/pipermail/gnupg-announce/2002q2/000251.html
Download from mirrors:
http://www.gnupg.org/(en)/download/mirrors.html
MD5 checksums available in the top 3 files based on the versions you
choose.
One of the reasons I am glad I moved to install v1.0.7 on my own instead
of using the distro's v1.0.6, was the feature, ""
From the top 3 links when upgrading from v1.0.6 to any of these ater
ones:
"If you are upgrading from a version prior to 1.0.7, you may want to
run the command "gpg --rebuild-keydb-caches" once to speed up the
keyring access."
Some suggestions from me after upgrading (after the above)
After upgrading, if you have keys, also do this at least once:
$ gpg --update-trustdb
Add to a cron job if you have a perm. Internet connection, or add to a
script that you run manually this command:
$ gpg --keyserver your.favorite.key.server --refresh-keys
to update your local web of trust. This permits you to continue to
upgrade your web of trust to include people who have had other people
sign and trust other people who were "X" number of hops away and permit
your local copy of gpg to "trust" new people added to your web of trust.
Example:
I trust Pete, but Pete has not trusted Dmitry (yet) but Pete and I
decide to trust each other and do the key signing thing.
Now, I update my key-ring, and then contact the key server with my
updates and download the latest web of trust based on those who trust
those who I trust and 2 more hops beyond.
Right now, nobody in the Max hops on my web of trust, trusts Dmitry, but
my automated "--refresh-keys" keeps checking all of the keys on my
keyring for "next-hops" of people they trust/signed keys.
Now Pete and Dmitry exchange keys and sign each other's key and enable a
level of trust for each other and then notify the key server of thier
updates.
Now, the next time my "--refresh-keys" runs, My local gpg will be able
to consider Dmitry a user only 2 hops away, and he will see me as a user
of only 2 hops away (when he refreshed-keys).
The output of the "--refresh-keys" will tell you who has been added to
you web of trust.
How often to do this? depend on how often you use gpg, and how many
users on your keyring exchange keys. One time per week seems safe for
most users.
Another item you can add to a cronjob is:
$ gpg --check-trustdb --batch --yes
I don't. It is safer to run
$ gpg --update-trustdb
as it is interactive and does not auto-answer yes to everything to me.
Enjoy!
-ME
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://nblug.org/pipermail/talk/attachments/20021229/fddf79a0/attachment.pgp
More information about the talk
mailing list