From: Junio C Hamano <gitster@pobox•com>
To: Linus Torvalds <torvalds@linux-foundation•org>
Cc: Git Mailing List <git@vger•kernel.org>
Subject: Re: [PATCH] Prefer "long" key format output when verifying pgp signatures
Date: Tue, 16 Aug 2016 15:09:40 -0700 [thread overview]
Message-ID: <xmqqinv0bc2j.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <alpine.LFD.2.20.1608161309350.14878@i7> (Linus Torvalds's message of "Tue, 16 Aug 2016 13:35:46 -0700 (PDT)")
Linus Torvalds <torvalds@linux-foundation•org> writes:
> From: Linus Torvalds <torvalds@linux-foundation•org>
> Date: Tue, 16 Aug 2016 13:10:24 -0700
> Subject: [PATCH] Prefer "long" key format output when verifying pgp signatures
>
> Yes, gpg2 already uses the long format by default, but most
> distributions seem to still have "gpg" be the older 1.x version due to
> compatibility reasons. And older versions of gpg only show the 32-bit
> short ID, which is quite insecure.
> ...
> But the 32-bit key ID's really are broken. Also note that because of the
> differences between gpg-1.x and gpg-2.x, hopefully any scripted key ID
> parsing code (if such code exists) is already flexible enough to not care.
>
> This was triggered by the fact that the "evil32" project keys ended up
> leaking to the public key servers, so now there are 32-bit aliases for
> just about every open source developer that you can easily get by
> mistake if you use the 32-bit short ID format.
>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation•org>
> ---
>
> That's a very long commit message for a very trivial patch.
>
> I'm not particularly happy with the 64-bit long format either, but it's
> better than what we have now, and appears to be as good as it gets.
Thanks. Will queue.
>
> gpg-interface.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 08356f92e7b3..8672edaf4823 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -217,6 +217,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
> argv_array_pushl(&gpg.args,
> gpg_program,
> "--status-fd=1",
> + "--keyid-format=long",
> "--verify", temp.filename.buf, "-",
> NULL);
prev parent reply other threads:[~2016-08-16 22:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-16 20:35 [PATCH] Prefer "long" key format output when verifying pgp signatures Linus Torvalds
2016-08-16 22:09 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqinv0bc2j.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=torvalds@linux-foundation$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox