The other day I was asked to help create signed mails with PHP. Since there is an object-oriented interface for GnuPG as PEAR module it is logical to make use of it.

Building mail and signing it with a Crypt_GPG object unfortunately results in a Bad signature as reported by GnuPG when read with Mutt. This is caused by the way text is handled in mail. Due to mails being transferred between different operating systems (Unix, GNU/Linux, DOS and other) text in mails can not be considered binary. Therefore, a digital signature that would match the binary mail text may not match the interpreted text in a mail and may cause the signature to be considered bad.

To cope with this GnuPG has to mark the signature with a special flag which is added when --textmode is specified on the command line. This parameter, however, was missing in Crypt_GPG — until now. The lead developer Michael Gauthier and I have developed a patch that allows to add this missing option as fourth parameter to the sign() method.

This update will be part of the next version of Crypt_GPG. Since the patch is approved upstream and seems to be sufficiently important, I took the chance and added it to the Debian package 1.0.0-2 already.

I've released version 0.9 of dtaus which sums up several minor fixes that have accumulated over time. None of these are serious which is why they haven't been discovered earlier. Thanks go to Jens Rohler and Peter Schlaile who provided several improvements, more functions for the bigint library which is used outside of dtaus as well and corrected the option "Referenz".

This years' Linux developers meeting is generally dedicated to MIPS and VAX hardware and takes place this weekend in Essen. We're glad to have found a place where we can meet for a four-day weekend and hack on various things. Again an impressive amount of different hardware has been carried to the meeting.

Most developers have arrived already and are discussing issues and presenting various pieces of hardware. Earlier today we've had an interesting start. During setting up of the network one switch decided to refuse booting and another power strip decided to blow a fuse - something we didn't experience for several years, so this was sort of new for us again.

Recently I've created the new digital key 0x68B64E0D for the Debian security team. Our GnuPG key usually expires after a good year and is then replaced by a new one.

Users and developers who would like to send sensitive information to the security team should use this key to encrypt the messages to us.

I'm glad to announce the new version 0.7 of the cgilib, the lightweight CGI Library, an implementation for CGI programs written in C. The library is used for efficient and fast CGI applications. The new version adds improvements collected over the last year.

POST and GET variables in an application are now separated from cookie variables and can be set and read without the need of the other. The new version automatically builds a shared library that applications can be linked against. This is due to the switch to GNU autotools, thanks to Michael Petullo. The conversion to use GNU autotools intends to provide better support for *BSD systems.