Nickolay Olshevsky

@antonsviridenko It looks like something changed in latest CMake update in the runner: while MSVC version is the same, compared to 20220801 runner, cmake was updated, and now cl.exe is...

@antonsviridenko If you are interested in the details, the reason for this is the following commit in Googletest codebase: https://github.com/google/googletest/commit/131878ce9e18e3fcc5fdd690c93ee9d36f0a18d3 This option due to some CMake internals overrides top-level's `add_compile_options("/std:c++latest")`...

@antonsviridenko does this look good to you now? Cannot assign you as reviewer as you created this PR :)

@kaie @dewyatt @ronaldtse @rrrooommmaaa @antonsviridenko You are welcome for discussion here!

Currently working idea is to mark definitely weak hashes/ciphers/small key size by returning some specific error code (like RNP_ERROR_WEAK_CRYPTO), so "simple" implementation will return an error, more complicated - tell...

> @dkg the latest proposal is located here: [#1524 (comment)](https://github.com/rnpgp/rnp/pull/1524#issuecomment-956019966) . > In addition, we'll have some compiler switches to disable certain algorithms completely from the compilation (already have few...

> I don't know that compiler switches will be useful for thunderbird's purpose, if we're talking about thunderbird using the system-installed librnp -- if that's the case, then thunderbird won't...

Can be implemented via https://github.com/rnpgp/rnp/issues/1644, i.e. `rnp --unwrap file.pgp | rnp --list-packets -`

It could be easier to add some more general function `rnp_op_verify_set_flags(op, RNP_VERIFY_REQUIRE_SINGLE_SIG)` which could be reused for other behaviour-changing purposes later (we have `rnp_op_encrypt_set_flags()` already).

> I'd be OK with the set_flags approach if the new release changes the default semantics to the non-brittle behavior, and the user has to rnp_op_verify_set_flags(op, RNP_VERIFY_REQUIRE_ALL_SIGS_VALID) to get back...