[pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring

Werner Koch wk at gnupg.org
Fri Apr 17 09:22:27 UTC 2015


On Tue, 14 Apr 2015 14:38, joss at debian.org said:

> Sorry, I was under the impression this was a discussion about actually
> improving the situation, not about Debian being used as a playground for
> petty complaints about other upstreams. 

Sorry, this is serious brokenness which is going on for years.  For the
records let me conclude:

Jessie will be released with a default GNOME and an optional XFCE
desktop featuring these bugs affecting GnuPG

  - S/MIME (gpgsm) does not work at all.

  - Smartcards for GPG won't work.

  - GnuPG's included ssh-agent can't be used.

  - The passphrase protection of GnuPG private keys has been reduced to
    a security level we had before 2010.

  - Brute forcing symmetric encrytion is as easy as before 2010.
    (~300 times faster on an i5-2410M, 2.3Ghz)

This has been justified by a better looking passphrase entry dialog for
GPG keys in GNOME's keyring-manager.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150417/1e55c1d9/attachment.sig>


More information about the pkg-gnupg-maint mailing list