mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
190 lines
6.7 KiB
Plaintext
190 lines
6.7 KiB
Plaintext
To: gnupg-announce@gnupg.org, info-gnu@gnu.org
|
|
Mail-Followup-To: gnupg-users@gnupg.org
|
|
|
|
|
|
Hello!
|
|
|
|
We are pleased to announce the availability of a new stable GnuPG-2
|
|
release: Version 2.0.14.
|
|
|
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
|
and data storage. It can be used to encrypt data, create digital
|
|
signatures, help authenticating using Secure Shell and to provide a
|
|
framework for public key cryptography. It includes an advanced key
|
|
management facility and is compliant with the OpenPGP and S/MIME
|
|
standards.
|
|
|
|
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.10) in
|
|
that it splits up functionality into several modules. However, both
|
|
versions may be installed alongside without any conflict. In fact,
|
|
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
|
included in GnuPG-2 and allows for seamless passphrase caching. The
|
|
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
|
other modules at run and build time. We will keep maintaining GnuPG-1
|
|
versions because they are very useful for small systems and for server
|
|
based applications requiring only OpenPGP support.
|
|
|
|
GnuPG is distributed under the terms of the GNU General Public License
|
|
(GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.
|
|
|
|
|
|
What's New
|
|
===========
|
|
|
|
* The default for --include-cert is now to include all certificates
|
|
in the chain except for the root certificate.
|
|
|
|
* Numerical values may now be used as an alternative to the
|
|
debug-level keywords.
|
|
|
|
* The GPGSM --audit-log feature is now more complete.
|
|
|
|
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
|
|
|
|
* New GPGSM option --ignore-cert-extension.
|
|
|
|
* New and changed passphrases are now created with an iteration count
|
|
requiring about 100ms of CPU work.
|
|
|
|
|
|
|
|
Getting the Software
|
|
====================
|
|
|
|
Please follow the instructions found at http://www.gnupg.org/download/
|
|
or read on:
|
|
|
|
GnuPG 2.0.14 may be downloaded from one of the GnuPG mirror sites or
|
|
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
|
|
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
|
|
is not available at ftp.gnu.org.
|
|
|
|
On the FTP server and its mirrors you should find the following files
|
|
in the gnupg/ directory:
|
|
|
|
gnupg-2.0.14.tar.bz2 (3889k)
|
|
gnupg-2.0.14.tar.bz2.sig
|
|
|
|
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
|
|
|
gnupg-2.0.13-2.0.14.diff.bz2 (42k)
|
|
|
|
A patch file to upgrade a 2.0.13 GnuPG source tree. This patch
|
|
does not include updates of the language files.
|
|
|
|
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
|
|
|
|
|
|
Checking the Integrity
|
|
======================
|
|
|
|
In order to check that the version of GnuPG which you are going to
|
|
install is an original and unmodified one, you can do it in one of
|
|
the following ways:
|
|
|
|
* If you already have a trusted version of GnuPG installed, you
|
|
can simply check the supplied signature. For example to check the
|
|
signature of the file gnupg-2.0.14.tar.bz2 you would use this command:
|
|
|
|
gpg --verify gnupg-2.0.14.tar.bz2.sig
|
|
|
|
This checks whether the signature file matches the source file.
|
|
You should see a message indicating that the signature is good and
|
|
made by that signing key. Make sure that you have the right key,
|
|
either by checking the fingerprint of that key with other sources
|
|
or by checking that the key has been signed by a trustworthy other
|
|
key. Note, that you can retrieve the signing key using the command
|
|
|
|
finger wk ,at' g10code.com
|
|
|
|
or using a keyserver like
|
|
|
|
gpg --recv-key 1CE0C630
|
|
|
|
The distribution key 1CE0C630 is signed by the well known key
|
|
5B0358A2. If you get an key expired message, you should retrieve a
|
|
fresh copy as the expiration date might have been prolonged.
|
|
|
|
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
|
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
|
|
|
* If you are not able to use an old version of GnuPG, you have to verify
|
|
the SHA-1 checksum. Assuming you downloaded the file
|
|
gnupg-2.0.14.tar.bz2, you would run the sha1sum command like this:
|
|
|
|
sha1sum gnupg-2.0.14.tar.bz2
|
|
|
|
and check that the output matches the first line from the
|
|
following list:
|
|
|
|
cc5e4637f37f5bc82b00c73fc094ddadb7401821 gnupg-2.0.14.tar.bz2
|
|
cad88a7f3653479df41ddb7956b9f8a0ff6f2185 gnupg-2.0.13-2.0.14.diff.bz2
|
|
|
|
|
|
Internationalization
|
|
====================
|
|
|
|
GnuPG comes with support for 27 languages. Due to a lot of new and
|
|
changed strings many translations are not entirely complete. Jedi,
|
|
Maxim Britov, Jaime Suárez and Nilgün Belma Bugüner have been kind
|
|
enough to go over their translations and thus the Chinese, German,
|
|
Russian, Spanish, and Turkish translations are pretty much complete.
|
|
|
|
|
|
Documentation
|
|
=============
|
|
|
|
We are currently working on an installation guide to explain in more
|
|
detail how to configure the new features. As of now the chapters on
|
|
gpg-agent and gpgsm include brief information on how to set up the
|
|
whole thing. Please watch the GnuPG website for updates of the
|
|
documentation. In the meantime you may search the GnuPG mailing list
|
|
archives or ask on the gnupg-users mailing lists for advise on how to
|
|
solve problems. Many of the new features are around for several years
|
|
and thus enough public knowledge is already available. KDE's KMail is
|
|
the most prominent user of GnuPG-2. In fact it has been developed along
|
|
with the KMail folks. Mutt users might want to use the configure
|
|
option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make
|
|
use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP
|
|
support.
|
|
|
|
The manual is also available online in HTML format at
|
|
http://www.gnupg.org/documentation/manuals/gnupg/
|
|
and in Portable Document Format at
|
|
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
|
|
|
|
|
|
Support
|
|
=======
|
|
|
|
Improving GnuPG is costly, but you can help! We are looking for
|
|
organizations that find GnuPG useful and wish to contribute back.
|
|
You can contribute by reporting bugs, improve the software, order
|
|
extensions or support or more general by donating money to the Free
|
|
Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).
|
|
|
|
Commercial support contracts for GnuPG are available, and they help
|
|
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
|
|
company owned and headed by GnuPG's principal author, is currently
|
|
funding GnuPG development. We are always looking for interesting
|
|
development projects.
|
|
|
|
The GnuPG service directory is available at:
|
|
|
|
http://www.gnupg.org/service.html
|
|
|
|
|
|
Thanks
|
|
======
|
|
|
|
We have to thank all the people who helped with this release, be it
|
|
testing, coding, translating, suggesting, auditing, administering the
|
|
servers, spreading the word or answering questions on the mailing
|
|
lists.
|
|
|
|
|
|
Happy Hacking,
|
|
|
|
The GnuPG Team
|
|
|