[Announce] GnuPG 1.4 and 2.0 buffer overflow
Werner Koch
wk at gnupg.org
Tue Nov 28 09:43:53 CET 2006
On Tue, 28 Nov 2006 09:32, rjh at sixdemonbag.org said:
> overflows are simply not possible. Ada95 is an example of a language
> which compiles to fast native code and has robust protections against
> buffer overflow.
Unless you disable them, which is often done for performance reasons
;-).

We can't change the implementation language: it is too much work and
there are not enough developers available who are up to Ada.
> gnupg-devel, but the contrary view--that C is simply the wrong language
> to use for security-critical software--should at least be mentioned, I
C is used everywhere and before you start to change all applications
you need to change the underlying infrastructure. That huge and
constantly changing Linux kernel needs to be targeted too.
Salam-Shalom,
Werner