Re: dirmngr 1.0.2
Peter Eisentraut wrote:
> The upstream maintainer of dirmngr (Werner Koch) has asked me to propose
> dirmngr 1.0.2 for inclusion into lenny:
> The last release is close
> to a year old but we have always worked on the package and made it more
> stable and added new features. Most work has been done as part of the
> Windows port which is required for the Kolab port to Windows. We have
> received numerous bug reports and fixed those as well as some other
> annoying things.
> Given that only Kleopatra (the KDE certificate manager) depends on
> dirmngr I don't see any possible regression updating it even after the
> Lenny freeze. In fact the Kleopatra development goes hand in hand with
> the GnuPG and dirmngr development and thus I am pretty sure that 1.0.2
> is far better than 1.0.1. For the years to come with Lenny, it would be
> really really good to have this version in it.
> Some more facts:
> * The LOOKUP command now also consults the local cache. New option
> --cache-only for it and --local for dirmngr-client.
> This means that it will be much easier for administrators to convey
> useful certificates to their users. This works with GnuPG 2.0.9 - not
> a hard dependency but gnupg 2.0.9 uses this feature if available
> * Improved certificate chain construction.
> This is actually a security fix. It was often not possible to verify
> the authenticity of some widely used CRLs due to the use of some
> non-common X.509 features. Thus people tended to disable CRL
> * Support loading of PEM encoded CRLs via HTTP.
> There are productive PKIs out there which really provide CRLs base64
> encoded - really stupid to do so but well, we can make it work.
> * Many other bug fixes collected over a year.
> Is this OK to upload?
121 files changed, 9950 insertions(+), 6728 deletions(-)
Sorry, but this is too much to review, not unblocked.