[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

dirmngr 1.0.2

The upstream maintainer of dirmngr (Werner Koch) has asked me to propose 
dirmngr 1.0.2 for inclusion into lenny:

The last release is close
to a year old but we have always worked on the package and made it more
stable and added new features.  Most work has been done as part of the
Windows port which is required for the Koloab port to Windows.  we have
received numerous bug reports and fixed those as well as some other
annoying things.

Given that only Kleopatra (the KDE certifciate mamanger) depends on
dirmngr I don't see any possible regression updating it even after the
Lenny freeze.  In fact the Kleopatra development goes hand in hand with
the GnuPG and dirmngr development and thus I am pretty sure that 1.0.2
is far better than 1.0.1.  For the years to come with Lenny, it would be
really really good to have the this version in it.

Some more facts:

* The LOOKUP command does now also consults the local cache.  New option
 --cache-only for it and --local for dirmngr-client.

  This means that it will be much easier for administrators to convey
  useful certifciates to their users.  This works with GnuPG 2.0.9 - not
  hard dependency but gnupg 2.0.9 uses this feature it if available

* Improved certificate chain construction.

  This is actually a security fix.  It was often not possible to verify
  a the authenticity of some widely used CRLs due to the use of some
  nin-common X.509 features.  Thus people tended to disable CRL

* Support loading of PEM encoded CRLs via HTTP.

  There are productive PKIs out there which really provide CRLs base64
  encoded - really stupid to do so but weel, we can make it work.

* Many other bug fixes collected over a year.

Is this OK to upload?

Reply to: