[pkg-gnupg-maint] considering updates for the next stretch point release

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 28 13:40:04 UTC 2017


Hi all--

I'm starting to accumulate bugfixes and safe/sane improvements for the
next point release of debian stable (stretch).  This work is happening
on the "stretch" branch in
https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git.

So far, I've added two changes:

commit 1c35044571dba16990cad1c2d2585629e1cc4514 (HEAD -> stretch, gdo/stretch)
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Sat Oct 28 15:25:18 2017 +0200

    Update crypto defaults for 2018 (new keys are RSA 3072, prefer AES256)
    
    NIST recommends using only 3072-bit keys (or larger) by 2020.  Keys
    generated in 2018 are likely to be in use for at least another two
    years.  We should be deploying stronger keys earlier.
    
    We also move to the stronger AES256 by default.  Users with
    particularly constrained machines can always choose a weaker cipher if
    they want to, but the default preference should be the strongest
    cipher we have available.  Peers who don't have AES256 available can
    still of course use one of the other ciphers that we announce support
    for.

commit aa378e9cbdcc5a8ece8e48d020c7456a57b4105c
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Sat Oct 28 15:13:13 2017 +0200

    block trivial access to scdaemon memory (Closes: #878952)


If there are other narrowly-targeted bugfixes or cleanup that belong in
the next point release of stretch, please propose them (or just add them
to the stretch branch).

Regards,

        --dkg
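
An added example, not part of the original message or of the gnupg2 packaging: a shell audit that lists RSA keys in an existing keyring that fall below the 3072-bit size the first commit adopts as the new default. It reads `gpg --list-keys --with-colons` output; the function names and the sample listing (with made-up key IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RSA keys below 3072 bits in gpg colon-format listings.
# Input on stdin: output of `gpg --list-keys --with-colons`.
# Colon format (GnuPG doc/DETAILS): field 1 = record type, field 3 = key
# length in bits, field 4 = public-key algorithm id, field 5 = key ID.
MIN_RSA_BITS=3072

audit_rsa_keys() {
    awk -F: -v min="$MIN_RSA_BITS" '
        # pub = primary key, sub = subkey; algorithm ids 1, 2 and 3 are RSA.
        # Other algorithms (e.g. 22 = EdDSA) use different size scales and
        # are deliberately not compared against the RSA threshold.
        ($1 == "pub" || $1 == "sub") && ($4 >= 1 && $4 <= 3) {
            if ($3 + 0 < min)
                printf "WEAK %s %s rsa%s\n", $1, $5, $3
        }
    '
}

# Constructed sample listing (key IDs and user IDs are made up).
sample_listing() {
    cat <<'EOF'
tru::1:1509197000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1420070400:::u:::scESC:
uid:u::::1420070400::0000::Example Old Key <old@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1420070400::::::e:
pub:u:3072:1:BBBBBBBBBBBBBBB1:1514764800:::u:::scESC:
uid:u::::1514764800::0000::Example New Key <new@example.org>:
sub:u:3072:1:BBBBBBBBBBBBBBB2:1514764800::::::e:
pub:u:256:22:CCCCCCCCCCCCCCC1:1514764800:::u:::scESC:
EOF
}

# Real use: gpg --list-keys --with-colons | audit_rsa_keys
sample_listing | audit_rsa_keys
```

Only the two 2048-bit RSA records are reported; the 256-bit EdDSA key is skipped because its bit length is not comparable to an RSA modulus size.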