When I reported some side-channel vulnerabilities Werner Koch got angry, taking it as a loss of face, and started making it difficult to get my patches accepted, by raising copyright arguments that are both incorrect and contradictory to his previous comments, where he said there would be no copyright problem.<div><br /></div><div>Shawn Landden<br /><br />15:37, 24 de agosto de 2020, "Qinkun Bao via Gcrypt-devel" <gcrypt-devel@gnupg.org>:<br /><blockquote class="210e7a848e8fcb45wmi-quote"><div dir="ltr">Hello,<div><br /></div><div>We found some secret-dependent control-flows in the latestĀ version of libgcrypt (1.8.6). Those leakage sites may lead to potential side-channelĀ attacks. I was wondering if you are interested in fixing those leakages? If so, could you please share us with the way to report those side-channel leakages?</div><div><br /></div><div>Thanks,</div><div>Qinkun Bao</div></div>
<p>_______________________________________________<br />Gcrypt-devel mailing list<br /><a href="mailto:Gcrypt-devel@gnupg.org">Gcrypt-devel@gnupg.org</a><br /><a href="http://lists.gnupg.org/mailman/listinfo/gcrypt-devel">http://lists.gnupg.org/mailman/listinfo/gcrypt-devel</a><br /></p></blockquote><br /><br />-- <br />Shawn Landden</div>