x42 / sound-gambit Goto Github PK
View Code? Open in Web Editor NEWAudio File Peak Limiter
License: GNU General Public License v3.0
Audio File Peak Limiter
License: GNU General Public License v3.0
Hi! When packaging 0.6 for Arch Linux I noticed, that some of the tags are signed using the PGP key ID 7107840B4DC9C948076D6359795524F14F952B42
.
Unfortunately this is a DSA 1024bit key, that predates even the SHA1 algorithm (see the below sq-keyring-linter output).
$ sq-keyring-linter <(gpg --export "7107840B4DC9C948076D6359795524F14F952B42")
Certificate 795524F14F952B42 is not valid under the standard policy + SHA-1: Policy rejected asymmetric algorithm
Examined 1 certificate.
1 certificate is invalid and was not linted. (BAD)
The attached subkeys are self-signed using SHA1 (see the below hokey output):
$ gpg --export "7107840B4DC9C948076D6359795524F14F952B42" | hokey lint
hokey (hopenpgp-tools) 0.23.6
Copyright (C) 2012-2021 Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
Key has potential validity: good
Key has fingerprint: 7107 840B 4DC9 C948 076D 6359 7955 24F1 4F95 2B42
Checking to see if key is OpenPGPv4: V4
Checking the strength of your primary asymmetric key: DSA 1024
Checking user-ID- and user-attribute-related items:
Robin Gareus <[email protected]>:
Self-sig hash algorithms: [SHA-1]
Preferred hash algorithms: [SHA-1, SHA-256, RIPEMD-160]
Key expiration times: []
Key usage flags: [[auth, sign-data, certify-keys]]
Robin Gareus <[email protected]>:
Self-sig hash algorithms: [SHA-1]
Preferred hash algorithms: [RIPEMD-160, SHA-1]
Key expiration times: []
Key usage flags: []
Robin Gareus <[email protected]>: [revoked]
Revocation code: [UserIdInfoNoLongerValid]
Revocation reason: []
Robin Gareus <[email protected]>: [revoked]
Revocation code: [UserIdInfoNoLongerValid]
Revocation reason: []
Robin Gareus <[email protected]>: [revoked]
Revocation code: [UserIdInfoNoLongerValid]
Revocation reason: []
Robin Gareus <[email protected]>:
Self-sig hash algorithms: [SHA-1]
Preferred hash algorithms: [SHA-1, SHA-256, RIPEMD-160]
Key expiration times: []
Key usage flags: [[auth, sign-data, certify-keys]]
Robin Gareus <[email protected]>: [revoked]
Revocation code: [UserIdInfoNoLongerValid]
Revocation reason: []
Robin Gareus <[email protected]>:
Self-sig hash algorithms: [SHA-1]
Preferred hash algorithms: [SHA-256, SHA-1, SHA-384, SHA-512, SHA-224]
Key expiration times: []
Key usage flags: [[auth, sign-data, certify-keys]]
Robin Gareus (Robin@Harrison) <[email protected]>:
Self-sig hash algorithms: [SHA-1]
Preferred hash algorithms: [SHA-256, SHA-1, SHA-384, SHA-512, SHA-224]
Key expiration times: []
Key usage flags: [[auth, sign-data, certify-keys]]
Checking subkeys:
one of the subkeys is encryption-capable: True
fpr: 0F58 F4DD 3EEE D7BC 9381 C76F 558F 56A3 5EE4 BC0A
version: v4
timestamp: 20011208-180314
algo/size: Elgamal encrypt-only 2048
binding sig hash algorithms: [SHA-1]
usage flags: []
embedded cross-cert: False
cross-cert hash algorithms: [SHA-1]
fpr: C1A9 3D91 DCD0 5317 C051 6CAA A090 BCE0 2CF5 7F04
version: v4
timestamp: 20120420-000921
algo/size: RSA 4096
binding sig hash algorithms: [SHA-1]
usage flags: [[sign-data]]
embedded cross-cert: True
cross-cert hash algorithms: [SHA-1]
fpr: 02F2 893F 8426 1CF0 0F6F ED83 6B4C DD16 B4AE 8282
version: v4
timestamp: 20120420-001057
algo/size: RSA 4096
binding sig hash algorithms: [SHA-1]
usage flags: [[encrypt-storage, encrypt-communications]]
embedded cross-cert: False
cross-cert hash algorithms: [SHA-1]
I'm writing all this, because for Arch Linux it is possible to use an upstream's PGP signed tag or commit and verify against that upstream's signature. This comes with a few strings attached though:
In case you intend to provide such a scenario, you would have to create a new key (and sign it with your current key).
I wonder - could sound-gambit perform loudness normalization?
As in - making sure that a specified LUFS Integrated levels is achieved in the output?
I tried doing this with sox - but it's fixed-point so 32-bit float WAVs that cross 0dBFS will get clipped anyway.
I tried ffmpeg but got stuck due to the complexity, and I am also not sure if it can cleanly work on 32-bit float files.
Hi! When attempting to package this software for Arch Linux I noticed, that the project is missing a license file.
Judging from the source code this is all GPL-3.0-or-later, so (for me) technically a LICENSE or COPYING file is not required, but it might be for more strict downstream distributions. Additionally, adding such a file probably makes it more obvious to potential contributors or users under what terms modifications are accepted and under what terms the code may be distributed.
Hi,
A few words about your sound-gambit v0.6 application.
Its use is simple and the result is there.
However, I encountered a limitation on the maximum duration that the audio source file can have.
Above this duration, there is silence...
-Src Wav 24b 48k stereo Max 04:08:33.000
-Src Wav 16b 48k stereo Max 06:12:49.000
Do you think this could be improved?
Are you aware of any possible workaround?
Best regards,
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.