Home GnuPG
Diffusion GnuPG 61539efc2bc4

gpg: Avoid publishing the GnuPG version by default
61539efc2bc4Unpublished
Actions

Unpublished Commit ยท Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Avoid publishing the GnuPG version by default

* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

The version of GnuPG in use is not particularly helpful. It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

(backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c)

  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance
dkgAuthored on Aug 5 2016, 4:46 PM
justusCommitted on Aug 9 2016, 12:33 PM
Parents
rG15d13272344f: Clean up "allow to"
Branches
Unknown
Tags
Unknown

Event Timeline

Justus Winter <justus@g10code.com> committed rG61539efc2bc4: gpg: Avoid publishing the GnuPG version by default (authored by Daniel Kahn Gillmor <dkg@fifthhorseman.net>).Aug 9 2016, 12:33 PM

Changes (2)

PathSize
doc/
g10/

rG61539efc2bc4

View Options

doc/gpg.texi

Loading...
View Options

g10/gpg.c

Loading...