Monkeysphere

monkeysphere 0.44 has been released. Notes from the changelog: * Drop all direct use of perl (for now, we still ship keytrans/openpgp2ssh/ssh2openpgp/pem2openpgp for others who want it. It will be removed in a future version, though) ... [More] * Use gpg's --quick-* interface (Increase GnuPG dependency to >= 2.1.17, where this interface was stabilized) * Drop unused keytrans subcommands * Avoid risky uses of chown * monkeysphere-host import can now handle ed25519 host keys * Avoid a shell invocation in agent-transfer Download it now! [Less]

monkeysphere 0.43 has been released. Notes from the changelog: * Depend on a modern version of GnuPG (>= 2.1.11) for --export-ssh-key * Depend on OpenSSH's ssh-keygen directly for most SSH fingerprints * Depend on OpenSSH >= 6.0 for ... [More] ed25519 and "sshd -T" * Use runuser instead of su * Support Ed25519 authentication-capable subkeys for users * Use https for all outbound links * Clean up spelling * Use 3072 bits for RSA keys everywhere by default * Provide clearer error message for PEM2OPENPGP_NEWKEY (Closes: #906755) * Avoid locking out users unnecessarily (Closes: #897366) -- Daniel Kahn Gillmor Wed, 23 Jan 2019 17:42:19 -0500 Download it now! [Less]

monkeysphere 0.42 has been released. Notes from the changelog: * bugfix release: * use --send-keys instead of --send (closes: #908228) * tests: Ensure that stale sockets don't fail socat (Closes: #899060) * Remove deprecated option from ... [More] test sshd config (Closes: #902320) * write old-style PEM files to unbreak test suite (Closes: #909700) * yet more colon fixes that escaped previous inspections * fix more gnupg2 colons changes (Closes: #902367) * Remove RSAAuthentication from test ssh config (Closes: #902318) * clean up test suite failures when built against newer GnuPG * use generic compiler (closes: #883015) * make print_date_from_seconds_since_the_epoch deal better with bad input -- Daniel Kahn Gillmor Tue, 16 Oct 2018 11:38:39 -0400 monkeysphere (0.41) unstable; urgency=medium * pem2openpgp now includes issuer fingerprint subpacket in hashed self-sig, more compatible with GnuPG 2.1.16 (Closes: #846554) * avoid blocking for entropy during test suite (Closes: #841208) * augment test suite for id certifier with a subkey, for better realism * ensure that attempts to fetch primary key fingerprint only fetch primary key fingerprint even if subkey fprs are emitted (Closes: #846554) * include $CPPFLAGS in agent-transfer build Download it now! [Less]

monkeysphere 0.41 has been released. Notes from the changelog: * pem2openpgp now includes issuer fingerprint subpacket in hashed self-sig, more compatible with GnuPG 2.1.16 (Closes: #846554) * avoid blocking for entropy during test ... [More] suite (Closes: #841208) * augment test suite for id certifier with a subkey, for better realism * ensure that attempts to fetch primary key fingerprint only fetch primary key fingerprint even if subkey fprs are emitted (Closes: #846554) * include $CPPFLAGS in agent-transfer build Download it now! [Less]

monkeysphere 0.41 has been released. Notes from the changelog: * pem2openpgp now includes issuer fingerprint subpacket in hashed self-sig, more compatible with GnuPG 2.1.16 (Closes: #846554) * avoid blocking for entropy during test ... [More] suite (Closes: #841208) * augment test suite for id certifier with a subkey, for better realism * ensure that attempts to fetch primary key fingerprint only fetch primary key fingerprint even if subkey fprs are emitted (Closes: #846554) * include $CPPFLAGS in agent-transfer build Download it now! [Less]

I have just released Monkeysign 2.2.0. This release was made to support Tor and fix a few issues with the build system. This deprecates the 2.1.x branch, see the branches status page for more detailed information on supported branches. Note that the ... [More] full change log is now available online, in the history section. Monkeysign is a user-friendly tool to easily and securely exchange OpenPGP key certifications. See the homepage for more information. As usual, to install Monkeysign, see the install documentation. If you are interested in contributing to the project, you can find more information in the new contributing section. Finally, see the usage section for more information about how to use Monkeysign. Happy signing! [Less]

monkeysphere 0.40 has been released. Notes from the changelog: * bugfix release: * get tests to pass against GnuPG 2.1.15 * build more portably Download it now!

monkeysphere 0.40 has been released. Notes from the changelog: * bugfix release: * get tests to pass against GnuPG 2.1.15 * build more portably Download it now!

I have just released Monkeysign 2.1.4. This important release marks the first release to fully support GnuPG 2.1. Those paying attention will also notice ta 2.1.3 was not announced here: it was a Debian-only release that aimed to fix build errors on ... [More] Debian's infrastructure so I didn't feel it was important to announce it here. I am still allowing a few non-critical changes, in the hope of easing diagnostics and support in the future. Here is the full list of changes: --local now implies --no-mail (Closes: #719242) ship tests with program, accessible with --test parameter stop hardcoding version numbers in code, use setuptools-scm instead enable tests at build time and Debian CI (autopkgtest) complete GnuPG 2.1 support: test suite now passes! Monkeysign is a user-friendly tool to easily and securely exchange OpenPGP key certifications. See the homepage for more information. As usual, to install Monkeysign, see the install documentation. If you are interested in contributing to the project, you can find more information in the new contributing section. Finally, see the usage section for more information about the new features of Monkeysign 2.1.x. Happy signing! [Less]

I have just released Monkeysign 2.1.2. It turns out that the 2.1.0 Debian package had issues upgrading from 2.0.x. Unfortunately, in the 2.1.1 release process, I forgot to increment the internal version number (the one shown in --version), so I had ... [More] to roll out a new release. I consider 2.1.1 to be non-existent and 2.1.2 to be the latest Monkeysign release. I have also allowed myself some small non-critical changes, and will continue to do so until I am happy with the 2.1.x, so in effect, 2.1.x is not really branched off the 2.x branch just yet. I may, for example, ship the test suite directly with Monkeysign, complete the preferences panel and finalize GPG 2.1 support. Monkeysign is a user-friendly tool to easily and securely exchange OpenPGP key certifications. See the homepage for more information. As usual, to install Monkeysign, see the install documentation. If you are interested in contributing to the project, you can find more information in the new contributing section. Finally, see the usage section for more information about the new features of Monkeysign 2.1.x. Sorry for the confusion, and happy hacking! [Less]