From: Junio C Hamano <gitster@pobox.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH] Prefer "long" key format output when verifying pgp signatures
Date: Tue, 16 Aug 2016 15:09:40 -0700
Message-ID: <xmqqinv0bc2j.fsf@gitster.mtv.corp.google.com>
In-Reply-To: <alpine.LFD.2.20.1608161309350.14878@i7> (Linus Torvalds's message of "Tue, 16 Aug 2016 13:35:46 -0700 (PDT)")

Linus Torvalds <torvalds@linux-foundation.org> writes:

> From: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Tue, 16 Aug 2016 13:10:24 -0700
> Subject: [PATCH] Prefer "long" key format output when verifying pgp signatures
>
> Yes, gpg2 already uses the long format by default, but most
> distributions seem to still have "gpg" be the older 1.x version due to
> compatibility reasons. And older versions of gpg only show the 32-bit
> short ID, which is quite insecure.
> ...
> But the 32-bit key ID's really are broken. Also note that because of the
> differences between gpg-1.x and gpg-2.x, hopefully any scripted key ID
> parsing code (if such code exists) is already flexible enough to not care.
>
> This was triggered by the fact that the "evil32" project keys ended up
> leaking to the public key servers, so now there are 32-bit aliases for
> just about every open source developer that you can easily get by
> mistake if you use the 32-bit short ID format.
>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> ---
>
> That's a very long commit message for a very trivial patch.
>
> I'm not particularly happy with the 64-bit long format either, but it's
> better than what we have now, and appears to be as good as it gets.

Thanks. Will queue.

>
> gpg-interface.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 08356f92e7b3..8672edaf4823 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -217,6 +217,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
> argv_array_pushl(&gpg.args,
> gpg_program,
> "--status-fd=1",
> + "--keyid-format=long",
> "--verify", temp.filename.buf, "-",
> NULL);
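
Review bot: the added "--keyid-format=long" in verify_signed_buffer() is passed unconditionally to whatever gpg_program names, so a substitute program or wrapper that does not accept that option would now fail every verification; it is worth confirming that the supported programs all take it, or documenting the requirement. The diffstat shows only gpg-interface.c changing, so a test asserting that verification output no longer carries an 8-hex-digit key ID would guard against a regression. Since "--status-fd=1" is already on the command line, callers that need to identify a key can match the full fingerprint from the status output (the VALIDSIG line) instead of any key ID, which also addresses the reservation about the 64-bit format noted under the "---".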