[pkg-gnupg-maint] Bug#953800: Bug#953800: gpgme1.0: don't fail checky2106 on 32bit systems

Bernhard Reiter bernhard at intevation.de
Thu Jun 25 09:12:24 BST 2020

Hello Debian GnuPG Maintainers, Hello Daniel,

Am Mittwoch 24 Juni 2020 21:26:36 schrieb Daniel Kahn Gillmor:
>    https://dev.gnupg.org/T4766
>    https://dev.gnupg.org/T4826
> I honestly don't know how to resolve this issue correctly, given
> upstream's refusal to acknowledge it as a problem worth fixing.

to help the cause I've took a look in the two issues and so far
I can understand why they are not on the roadmap to fix.
They are missing a realistic use case. A pubkey with a very long expiration 
date (e.g. >30 years) does not really make sense and changes to an
implementation are always a risk, so they should make sense.

Upstream GnuPG and the OpenPGP WG seems to be of the opinion that this would 
need to be addressed by a change of the OpenPGP standards in due time first.

I think the way forward would be to find out better examples, use and failure 
cases that show a higher importance than what is documented so far.
(Also see my comments in T4826.)

Thanks for your work for Free Software! :)

Best Regards,

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20200625/f7c4b601/attachment-0001.sig>

More information about the pkg-gnupg-maint mailing list