Page MenuHome GnuPG
Create Task
Maniphest T6319

gnupg-2.4.0 says "NOTE: THIS IS A DEVELOPMENT VERSION!"
Closed, ResolvedPublic
Actions

Description

The announcement of gnupg-2.4.0 described it as "a new stable GnuPG release." When I verify a signed tarball I see a message that it is a development version, which, to me at least, seems to contradict the announcement. For example:

$ xzcat linux-6.0.15.tar.xz | gpg --verify linux-6.0.15.tar.sign -
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Signature made Wed 21 Dec 2022 16:42:18 GMT
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
gpg: aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>" [unknown]
gpg: aka "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E

Details

Version
2.4.0

Related Objects

Event Timeline

chris2553 created this task.Dec 23 2022, 11:04 AM
chris2553 updated the task description. (Show Details)Dec 23 2022, 11:50 AM
werner added a subscriber: werner.Dec 23 2022, 3:39 PM

Sorry, I can't replicate this.

I did a fresh build from the released tarball, installed that versions and ...

$ gpg --no-options --verify ~/src/gnupg-2.4.0.tar.bz2.sig 
gpg: assuming signed data in '/home/wk/src/gnupg-2.4.0.tar.bz2'
gpg: Signature made Fri 16 Dec 2022 06:24:40 PM CET
gpg:                using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA

Some libraries are development versions or old but that does not matter:

$

 gpgconf -V
* GnuPG 2.4.0 (c0556edb8)
GNU/Linux

* Libgcrypt 1.9.4 (05422ca2)
version:1.9.4:10904:1.37:12500:
cc:80300:gcc:8.3.0:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:chacha20:sm4:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94::md4:md5:rmd160:sha1:sha256:sha512:sha3:tiger:whirlpool:stribog:blake2:sm3:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
hwflist:intel-cpu:intel-fast-shld:intel-bmi2:intel-ssse3:intel-sse4.1:intel-pclmul:intel-aesni:intel-rdrand:intel-avx:intel-avx2:intel-fast-vpgather:intel-rdtsc:
fips-mode:n:n:
rng-type:standard:1:2010000:1:
compliance:::

* GpgRT 1.47-beta13 (be94bcf)

* Libassuan 2.5.4 (e368b40)

* KSBA 1.6.3 (bffa9b3)

* NTBTLS 0.1.3-beta23 (35a91c4)

Did you build from Git or did you run autogen.sh ? That could cause marking the version string with beta and thus setting the IS_DEVELOPMENT_VERSION macro.

chris2553 added a comment.Dec 23 2022, 9:26 PM

Your response to my other bug report (T6320) advised me not to build in tree and that fixed the "make check" problem. In turn, that means I no longer need to patch Makefile.am and run autoreconf. That has made this Development Version warning to go away.

Apologies for the double dose of nuisance.

chris2553 closed this task as Resolved.Dec 23 2022, 9:28 PM
chris2553 claimed this task.