[pkg-gnupg-maint] diverging from upstream defaults
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 8 06:00:05 UTC 2017
On Fri 2017-09-08 07:43:39 +0200, Werner Koch wrote:
> On Fri, 8 Sep 2017 02:04, dkg at fifthhorseman.net said:
>
>>> * default RSA key size: 2048 → 3072
>>>
>>> * default cipher algorithm: AES128 → AES256
>>>
>>> * default signature digest: SHA256 → SHA512
>>>
>>> * digests in default personal-digest-preferences : SHA-256,SHA-384,SHA-512,SHA-224,SHA-1 → SHA-512,SHA-384,SHA-256,SHA-224,SHA-1
>>>
>>> * default s2k duration (calibrated by agent): 100ms → 300ms
>>
>>
>> I didn't need to do this one, because upstream has already done it, yay!:
>
> Nope, we only swapped the AES variants:
I'm not sure what you're responing to, Werner. I *did* need to do all
the steps above, including setting the default symmetric cipher to
AES256:
https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/tree/debian/patches/update-defaults/0018-gpg-default-to-AES-256.patch
The one that i said was already taken care of was:
>> * default keyserver: nothing → hkps://hkps.pool.sks-keyservers.net
Feel free to review the other changes in that update-defaults directory
if you want to give feedback. I'm also happy to push them as a separate
branch to git.gnupg.org if that would make them easier to review. Or if
you think they're fine, i can just push them to master or
STABLE-BRANCH-2-2. let me know what you think.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170908/2d3d8a40/attachment-0001.sig>
More information about the pkg-gnupg-maint
mailing list