[Gpg4win-devel] 2.3.1 in the pipeline, signature
Bernhard Reiter
bernhard at intevation.de
Wed Feb 3 09:49:51 CET 2016
Hi,
just a note that I think that we should do 2.3.1 rather sooner than later.
The reasons on our roadmap are good:
http://wiki.gnupg.org/Gpg4win/Roadmap
* Updated installer, regarding
** build with updated Debian NSIS version with better fix for
[[https://www.gpg4win.de/news-20151125.html|Security-Advisory 2015-11-25]]
** Codesigning with SHA-2 (using a new version of osslsigncode) the old code
signature was MD5
On the forum we have one report of a GpgOL Crash on Windows 10 (in German):
https://wald.intevation.org/forum/forum.php?thread_id=1590&forum_id=84&group_id=11
and one where the signature (I guess the installer signature) is not accepted
anymore on some windows systems:
https://wald.intevation.org/forum/forum.php?thread_id=1592&forum_id=84&group_id=11
this may as well be caused by the MD5 signture. (At least if I were Microsoft
I would block MD5 as soon as I can.)
I wonder all old systems support SHA2? Does someone know since when this is
supported? Since XP or Vista would be cool for us, I guess.
Best,
Bernhard
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20160203/1ce090ff/attachment.sig>
More information about the Gpg4win-devel
mailing list