-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
The latest release from the development branch of GnuPG is ready for
public consumption. This is a branch to create what will eventually
become GnuPG 1.4. It will change with greater frequency than the
1.2.x "stable" branch, which will mainly be updated for bug fix
reasons.
The more GnuPG-familiar user is encouraged try this release (and the
ones that will follow in the 1.3.x branch), and report back any
problems to gnupg-devel@gnupg.org. In return, you get the latest code
with the latest features.
This release contains code to address the recently discovered Elgamal
sign+encrypt problem discussed in:
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
Note that this change prevents generating any new Elgamal sign+encrypt
keys, and prevents generating any new Elgamal signatures or encrypting
to Elgamal sign+encrypt keys. This also means that this version of
GnuPG cannot be used to revoke an existing Elgamal sign+encrypt
primary key (as the revocation involves issuing a signature). It can
still be used to revoke an Elgamal sign+encrypt subkey with a
non-Elgamal primary key. If you still have a primary Elgamal key you
want to revoke, you will need to do it with an earlier version of
GnuPG.
As always, note that while this code is stable enough for many uses,
it is still the development branch. Mission-critical applications
should always use the 1.2.x stable branch.
The files are available from:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.4.tar.gz (1861k)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.4.tar.gz.sig
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.3-1.3.4.diff.gz (242k)
MD5 checksums for the files are:
3e2722be17f9ff3979c95b5fb1371818 gnupg-1.3.4.tar.gz
907cd4bbaf03d6713e697310613612e9 gnupg-1.3.3-1.3.4.diff.gz
Noteworthy changes in version 1.3.4 (2003-11-27)
- ------------------------------------------------
* Added support for BZIP2 compression. This should be considered
experimental, and is only available if the libbzip2 library
<http://sources.redhat.com/bzip2/> is installed.
* Added the ability to handle messages that can be decrypted with
either a passphrase or a secret key. These messages may be
generated with --symmetric --encrypt or --symmetric --sign
--encrypt.
* The config file search has been enhanced to try for less
specific filename matches before giving up. For example,
version 1.3.4 will try for gpg.conf-1.3.4, gpg.conf-1.3, and
gpg.conf-1 before falling back to the regular gpg.conf file.
* Fixed a format string bug in the HKP keyserver handler.
* Support for Elgamal sign+encrypt keys has been removed. Old
signatures may still be verified, and existing encrypted
messages may still be decrypted, but no new signatures may be
issued by, and no new messages will be encrypted to, these keys.
The GnuPG team (David, Stefan, Timo and Werner)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.4-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iHEEARECADEFAj/GWQoqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJAEgAoJUJdMeIQUNLPwDXZn1jzGCGuscxAJ9c
I3Ms0ID5yY8ArCXj/C6I6WXbTA==OOeA
-----END PGP SIGNATURE-----