Tue Oct 7 21:23:11 CEST 2003
vulnerability of an international magnitude".
They also state that your private key is in danger on a multi-user
system. That's obvious and well known. If you want to depend on your
signature, you must protect your private key which is not possible on a
Another observation: it appears that they didn't contact neither NAI nor
the GnuPG developers although they think that both software packages
have a major security problem. Instead, they issue a press release with
strong words, pointing to a report that will be published in the
future. That's bad style, to say the least. You may note that the
contact person at the bottom is the marketing director ...
Calm down. ;-)
Nils Ellmenreich, Lst. f. Programmierung, Universitaet Passau, Germany
More information about the Gnupg-devel