I have see that you used all kind of precautions to avoid problems with the different types (enums/defines). However in --enable-maintainer-mode -Wswitch is enabled for a reasons ;-)

Oh, that merely lists all has algorithms Libgcrypt supports (iirc, within some sensible range). So yes, gpgsm would support that but I have never encountered one and I guess only gpgsm would be able to create such a CMS message.

I'd suggest to skip such user id. Actually I had in mind that we did that in the past - but I may be wrong.

Justus: When you have implemented that, can you please do a test with my key before and after? As you may know, I have hundreds of vanity signatures so that I need to have

Marcus: We have an appointment tomorrow at 15:00 at the KSD.

and the platform is ...

I will try to reproduce it. It might be that --passwd also trigerred the conversion to the new format.

You may not run your own version of libtool or libtoolize. Only the maintainer updates the autotools related files including libtool. This is to avoid bugs stemming from different or broken versions of autotools. This makes it much easier to reproduce bugs.

Thanks for working on that.

Regarding CFB: This needs to be decided by the evaluators. They know about the CFB problematic in their own documents. Thanks for pointing out discrepancies in the specs. I'll open a new task for it.

Hmm, why do you think this is important? The use cases I can see are

Problem with your DNS server We had a similar bug report here or on the ML. IIRC the DNS does not do what it is supposed to do. Need to lookup the details.

A few people asked for this generic option help; it is not specific to keyservers. Now we implemented that and still not okay for everyone, oh dear.

Given that this is just a warning, we should not consider it a bug.

Please add

Marcus: That would be a good opportunity to get back to your old curses works ;-)
IIRC, we fixed similar bugs in the past but this is for the latest pinentry.

Marcus, can you please check this?

Option parsing stops at the first non-option. "--keyserver" and "sec1...." could have also been key specifications.
Because sometimes people make errors we print a warning. But we can't bail out on a perfectly valid command line. That is the same why

The difference is the use of the --output option versus redirecting stdout to a file. A first guess would be that setmode (O_BINARY) has not been done, but in that case the -a exports would still work.

I released libgcrypt 1.7.7
and nPth 1.6

I just released 1.7.7

Another option is to distribute the secret subkey to all hackers who need to be able to read that. We won't need any backward security due to our transparency goal. At the time we add a new hacker to the list we can simply create a new subkey. With the extend privat key format we would also have a method to add information to the secret key, so that we can track who got one.

So, should we do a new libgcrypt release RSN?
There is another bug with solution also pending and it might not be too late for Squeeze if we hurry.