
use long keyid-format in gpg.conf (Re: Key collisions in the wild



Holger Levsen writes ("use long keyid-format in gpg.conf (Re: Key collisions in the wild"):
> I'm somewhat surprised by this mail… or rather by you apparently
> knowing about the issue but still you seem to not have acted as advised,
> so let me repeat: everybody, please put "keyid-format long" into your
> ~/.gnupg/gpg.conf!

I am dismayed to once again see advice which suggests that systematic
security bugs in the default behaviour of gnupg should be addressed on
an ad-hoc basis by individual users editing their personal
configuration.

It would be much better to put out a stable release update to change
the default.  (Probably not a security update because of the risk of
causing currently-vulnerable scripts to become nonfunctional, which is
not something we normally do in security updates.)

Even if long keyids are not sufficient, they are a big improvement and
we should not let fixing this problem properly stand in the way of
doing what we can, now.

Ian.

