Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes: > From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Date: Tue, 16 Aug 2016 13:10:24 -0700 > Subject: [PATCH] Prefer "long" key format output when verifying pgp signatures > > Yes, gpg2 already uses the long format by default, but most > distributions seem to still have "gpg" be the older 1.x version due to > compatibility reasons. And older versions of gpg only show the 32-bit > short ID, which is quite insecure. > ... > But the 32-bit key ID's really are broken. Also note that because of the > differences between gpg-1.x and gpg-2.x, hopefully any scripted key ID > parsing code (if such code exists) is already flexible enough to not care. > > This was triggered by the fact that the "evil32" project keys ended up > leaking to the public key servers, so now there are 32-bit aliases for > just about every open source developer that you can easily get by > mistake if you use the 32-bit short ID format. > > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > --- > > That's a very long commit message for a very trivial patch. > > I'm not particularly happy with the 64-bit long format either, but it's > better than what we have now, and appears to be as good as it gets. Thanks. Will queue. > > gpg-interface.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/gpg-interface.c b/gpg-interface.c > index 08356f92e7b3..8672edaf4823 100644 > --- a/gpg-interface.c > +++ b/gpg-interface.c > @@ -217,6 +217,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size, > argv_array_pushl(&gpg.args, > gpg_program, > "--status-fd=1", > + "--keyid-format=long", > "--verify", temp.filename.buf, "-", > NULL); -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html