gpg: Avoid publishing the GnuPG version by default

* g10/gpg.c (main): initialize opt.emit_version to 0 * doc/gpg.texi: document different default for --emit-version -- The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x. Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions. It's probably better to take the more parsimonious approach to metadata production by default. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-07-02 22:46:30 +02:00 · 2016-08-04 16:58:13 -04:00 · 2016-08-04 16:58:13 -04:00 · c9387e41db
commit c9387e41db
parent c8cc804f56
2 changed files with 3 additions and 3 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2269,7 +2269,7 @@ main (int argc, char **argv)
    opt.def_cert_expire = "0";
    gnupg_set_homedir (NULL);
    opt.passphrase_repeat = 1;
-    opt.emit_version = 1; /* Limit to the major number.  */
+    opt.emit_version = 0;
    opt.weak_digests = NULL;
    additional_weak_digest("MD5");