Report side-channel leakages

Werner Koch wk at
Mon Aug 24 20:47:29 CEST 2020

On Mon, 24 Aug 2020 09:43, Shawn Landden said:
> When I reported some side-channel vulnerabilities Werner Koch got angry,
> taking it as a loss of face, and started making it difficult to get my patches
> accepted, by raising copyright arguments that are both incorrect and

I am not sure which side-channel vulnerabilities you mean here.  Can you
please explain and point me to the respective mail?

I recall a debate around July 2019 on whether to include code from an
OpenSSL related project called Crytograms.  I replied that the license
is not compatible with the LGPL and Jussi was kind to implement PowerPC
vector Crypto for AES on top of your pacth but without Cryptograms.

Anyway, to report security bugs, we have instructions at>Documentation->Security

Should be easy enough to find.  The security address as stated in each
project'ss AUTHORS file is also monitored by the core developers.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gcrypt-devel mailing list