Hi Samuel,
On Wed, Aug 10, 2016 at 12:47:43AM +0200, Samuel Thibault wrote:
> As a late follow-up of the gpg key collision thread from debian-private
> (but posted on debian-devel, there is nothing private here, I prefer to
> see this information publicized actually):
>
> € gpg --search-key samuel.thibault@gnu.org
> ...
> (1) Samuel Thibault <samuel.thibault@gnu.org>
> 4096 bit RSA key 7D069EE6, created: 2014-06-16
> (2) Samuel Thibault <samuel.thibault@gnu.org>
> 4096 bit RSA key 7D069EE6, created: 2010-09-14
>
> So somebody *does* try to fake my gpg key too...
>
> For the reminder,
> https://gwolf.org/node/4070
I'm somewhat surprised by this mail… or rather by you appearantly
knowing about the issue but still you seem to not have acted as advised,
so let me repeat: everybody, please put "keyid-format long" into your
~/.gnupg/gpg.conf!
then, the output will look like this:
$ grep keyid-format .gnupg/gpg.conf
keyid-format long
$ gpg --search-key samuel.thibault@gnu.org
...
(1) Samuel Thibault <samuel.thibault@gnu.org>
4096 bit RSA key E2992EA47D069EE6, created: 2014-06-16
(2) Samuel Thibault <sthibault@debian.org>
Samuel Thibault <samuel.thibault@gnu.org>
Samuel Thibault <samuel.thibault@inria.fr>
Samuel Thibault <samuel.thibault@labri.fr>
Samuel Thibault <samuel.thibault@ens-lyon.org>
4096 bit RSA key D0178C767D069EE6, created: 2010-09-14
voila.
--
cheers,
Holger, puzzled to still see people using short-ids,
especially people who seem to be aware of the problem…
Attachment:
signature.asc
Description: Digital signature