From dd720ef28bae02f8099b25e3f6a5fa710a9bc7d7 Mon Sep 17 00:00:00 2001 From: Brian 'Redbeard' Harrington Date: Tue, 19 Jul 2016 23:22:49 -0700 Subject: [PATCH] warning: Display warning when using GPG short ID The use of GPG short ids is insecure is insecure. It is trivial to create a colliding short id with the use of inexpensive hardware. As GPG still uses short ids as their default behavior, it is important to meet users where they're at and while not causing things to break, we should inform and discourage users from this practice. Affects #10 --- main.go | 1 + 1 file changed, 1 insertion(+)
diff --git a/main.go b/main.go
index 3dbba98..73a97dd 100644
--- a/main.go
+++ b/main.go
@@ -259,6 +259,7 @@ func checkGPG(file *File) (state SigState, err error) {
 // short or long id. If it's not 8 or 16, it's not valid.
 switch l {
 case 8:
+ fmt.Println("WARNING: The use of short ids is NOT secure. See https://evil32.com for more info.")
 rid = signer.PrimaryKey.KeyIdShortString()
 case 16:
 rid = signer.PrimaryKey.KeyIdString()
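Review bot: The warning added under `case 8:` is written to stdout with `fmt.Println`, so it mixes with the program's normal output and can be swallowed or mis-parsed when that output is piped or captured by a script; it belongs on stderr, e.g. `fmt.Fprintln(os.Stderr, "WARNING: The use of short ids is NOT secure. See https://evil32.com for more info.")` (this assumes `os` is imported in main.go, which the hunk does not show). The branch still goes on to take the 32-bit value from `KeyIdShortString()`, so whatever comparison follows is presumably only as strong as a short-ID match; a comment at this case such as `// 32-bit key IDs are collision-prone: a match here does not establish which key signed the file` would keep that visible to maintainers. The message would also help more if it named the alternative the code already accepts, the 16-character long ID handled by `case 16:`. checkGPG begins and ends outside the hunk, so how `rid` is used afterwards is not visible here.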