[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dirmngr 1.0.2

Peter Eisentraut wrote:
> The upstream maintainer of dirmngr (Werner Koch) has asked me to propose 
> dirmngr 1.0.2 for inclusion into lenny:
> """
> The last release is close
> to a year old but we have always worked on the package and made it more
> stable and added new features.  Most work has been done as part of the
> Windows port which is required for the Koloab port to Windows.  we have
> received numerous bug reports and fixed those as well as some other
> annoying things.
> Given that only Kleopatra (the KDE certifciate mamanger) depends on
> dirmngr I don't see any possible regression updating it even after the
> Lenny freeze.  In fact the Kleopatra development goes hand in hand with
> the GnuPG and dirmngr development and thus I am pretty sure that 1.0.2
> is far better than 1.0.1.  For the years to come with Lenny, it would be
> really really good to have the this version in it.
> Some more facts:
> * The LOOKUP command does now also consults the local cache.  New option
>  --cache-only for it and --local for dirmngr-client.
>   This means that it will be much easier for administrators to convey
>   useful certifciates to their users.  This works with GnuPG 2.0.9 - not
>   hard dependency but gnupg 2.0.9 uses this feature it if available
> * Improved certificate chain construction.
>   This is actually a security fix.  It was often not possible to verify
>   a the authenticity of some widely used CRLs due to the use of some
>   nin-common X.509 features.  Thus people tended to disable CRL
>   checking.
> * Support loading of PEM encoded CRLs via HTTP.
>   There are productive PKIs out there which really provide CRLs base64
>   encoded - really stupid to do so but weel, we can make it work.
> * Many other bug fixes collected over a year.
> """
> Is this OK to upload?

121 files changed, 9950 insertions(+), 6728 deletions(-)

Sorry, but this is too much to review, not unblocked.



Reply to: