File README.SuSE of Package gpg
README for the GnuPG package from SuSE
--------------------------------------

The gpg binary is not installed setuid root by default. This will result
in a warning being displayed about insecure memory being used. The memory
is insecure because it may be swapped out to disk and may be accessed
there by someone unauthorised after stealing your hard disk.

If you are annoyed by the warning or feel unsafe because confidential
data may be swapped to disk, you can do any of these:

* Turn off the warning in your config file.
* Security audit the source code of GnuPG (or trust the developers to
  have done it carefully enough) and grant suid 0 permissions to allow
  mlock() to do its job.
* Hack your system to use capabilities and grant the CAP_IPC_LOCK
  capability to the gpg executable...

Version info
------------

We are now at GnuPG-1.0.5. Security patches that should be applied on top
of 1.0.4 (--allow-secret-key-import and the bugfix for false positives in
the presence of multiple nested signatures) have been included in 1.0.5.

You have probably heard about a weakness in the OpenPGP format. The spec
specifies how to store the secret key in an encrypted and passphrase
(mantra) protected way. If somebody has write access to your secret
keyfile and modifies it in a subtle way, your gpg won't detect this, and
the next time you send a signed mail, the attacker may gain valuable
information about your secret key, allowing him to find it. So, don't
store your secret keyring in a non-trusted environment relying only on
the passphrase protection!

However, when this attack is carried out, the signature made with the
modified key is invalid. gpg 1.0.5 does detect this and will not silently
send out such mails.

Read the file NEWS to find out about other changes.

Translations
------------

While checking the translation files (.po files), a number of mistakes
have been found and corrected. However, probably not all mistakes have
been found, so it may well be that some translations are unclear or
wrong. In the worst case, parameter formatting (%) is wrong and causes
the gpg program to segfault.

Therefore, we recommend running gpg with LC_ALL=en_US (or LANG=en_US) to
avoid those problems. If you don't want to change your locale environment
for gpg, you may as well delete the offending translations from
/usr/share/locale/XX/LC_MESSAGES/gnupg.mo (XX = locale/language).

Your SuSE team <feedback@suse.de>
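
Added example (not part of the SuSE README and not GnuPG source code): a C illustration of the mlock() handling behind the insecure-memory warning described above. It tries to pin a buffer in RAM, records why locking failed if it did, drops setuid root once the lock attempt is done, and wipes the buffer before release. The secmem_* names and the 4096-byte size are assumptions made for the example.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical helper (secmem_*), added for illustration; not GnuPG code. */
struct secmem {
    unsigned char *buf;   /* region meant for key material */
    size_t len;
    int locked;           /* 1 = pinned in RAM, 0 = may reach swap */
    int lock_errno;       /* why mlock() failed when locked == 0 */
};

/* Returns 0 on success (then inspect m->locked), -1 on a fatal error. */
int secmem_init(struct secmem *m, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    m->buf = p;
    m->len = len;
    m->locked = (mlock(p, len) == 0);
    m->lock_errno = m->locked ? 0 : errno;   /* typically EPERM or ENOMEM */
    /* A setuid-root binary needs root only for mlock(): drop it now. */
    if (geteuid() != getuid() && setuid(getuid()) != 0)
        return -1;
    return 0;
}

/* Zero through a volatile pointer so the compiler keeps the stores. */
void secmem_wipe(struct secmem *m)
{
    volatile unsigned char *p = m->buf;
    for (size_t i = 0; i < m->len; i++)
        p[i] = 0;
}

int main(void)
{
    struct secmem m;
    if (secmem_init(&m, 4096) != 0)
        return 1;
    if (!m.locked)
        fprintf(stderr, "warning: using insecure memory (%s)\n",
                strerror(m.lock_errno));
    secmem_wipe(&m);              /* clear secrets before releasing */
    return munmap(m.buf, m.len) != 0;
}
```

When locked is 0 the program still works, which is the situation the warning reports: the buffer is usable but may be written to swap.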