The other thing is to allow only one keyring, or better, use a central key daemon to access keys (kind of local keyserver).

@justus Are the FLTK and the EFL ready for a release (which we could mark as beta test versions)

T3252 is about meta data for each key.

No. gpg-agent is a different implementation of the ssh-agent protocol than ssh-agent. Making the keys persistent is on purpose.

I consider allowing empty user ids too dangerous.

So, just use "Anonymous"? This clearly identifies what this user id is
about and does not lead users to think, that something is wrong.

I just released 1.4.22 including the usual Windows installer. No anouncement mail but I added an entry to the NEWS page.

Just noticed that we fixed something related to this in 1.4:
bb61191aad98c3dbb487c1f76dd1552d44a52fe3

Hmm, that is actually the original file. I received it by mail, maybe the sender's MUA added the BOM.

gpg imposes limits on the length of data items in OpenPGP messages. OpenPGP does not specify any requirements on the length of keys or other properties, thus implementations can use sensible limits.

Note that you can do

For questions please contact the gnupg-devel ML.

Note that current versions don't install a skeleton conf file anymore.

OpenPGP does not authenticate encrypted data. To authenticate data a signature is required.
The MDC feature is what its name says - it detects modifications of the encrypted data but that's all.

It is fine to close this. Reworking the parser is not going to happen anytime soon.

@gouttegd thanks for the offer. I will consider adding a variant using clock_gettime. However clock_gettime is not available on all platforms and thus it needs to be ifdef'd. Fotunately there is npth_clock_gettime which has a builtin fallback to gettimeofday. Given that we require nPth in gpg-agent anyway, this seems to be the easiest way. It uses CLOCK_REALTIME

Given that 2.0 reaches EOL in 6 months and the bug has been here for ages, I won't backport it to 2.0 anymore.

I don't yet understand your problem. What has this idle configuration to do with the way how we calibrate the loop. After all we are not idle while calibrating but are heavily employing the CPU. Can you please elaborate and consider that times(2) is a POSIX API and clock ticks are an essential POSIX feature.

Thanks. Indeed we should have better error codes. However, passing all error codes from the backend to the user is not useful.

@aheinlein we need to know the gnupg version you are using with GPGME.

This is on purpose. Please read the discussions. Use card-timeout in scdaemon.conf or "gpgconf --kill scdaemon"

That is a matter of taste. A line requires a LF - many tools even ignore the last line or print a warning for a missing final LF. Not having a final LF is a bad idea.

--with-fingerprint is an option to modify the output of --list-keys and not a command. There are other --with-xxxx options for other purposes. There is no command to list a keyring. This is why gpg meanwhile prints a warning when used without a command.

The use of gpg without a command is simply wrong. This has never been specified and could actually lead to surprises.
You need to import the key first and then look at it with -k (--list-keys) or --fingerprint.

• It gives some people relief as same/similar patch is applied to gpg1.4 (give them the sign of gpg1.4 is maintained still).

The canonical repo is git://git.gnupg.org . We have not yet mirrored it at dev.gnupg.org.

Oh well, the usual IBM enum/int problems. It bugs me since the OS/2 days. I am not sure why you experienced it only now. One of the wrong return types is there for ages. I pushed fixes for master and 1.7.

We don't like to add this to 1.4. blinding requires random and more secure memory. Thus gpg may run out of secure memory and won't be able to do its j

On Wed, 5 Jul 2017 11:42, noreply@dev.gnupg.org said:

With an integer overflow.

Sorry, this is a standard C feature and the only way to have dynamic sized arrays. CLANG simply does not get this pattern right. Grep for pgut001's very comments on such ill behaving compilers (including gcc).