[Announce] GnuPG 1.4 and 2.0 buffer overflow

Werner Koch wk at gnupg.org
Tue Nov 28 09:43:53 CET 2006

On Tue, 28 Nov 2006 09:32, rjh at sixdemonbag.org said:

> overflows are simply not possible.  Ada95 is an example of a language
> which compiles to fast native code and has robust protections against
> buffer overflow.

Unless you disable them, which is often done for performance reasons.

We can't change the implementation language: It is too much work and
there are not enough developers available who are up to Ada.

> gnupg-devel, but the contrary view--that C is simply the wrong language
> to use for security-critical software--should at least be mentioned, I

C is used everywhere and before you start to change all applications
you need to change the underlying infrastructure.  That huge and
constantly changing Linux kernel needs to be targeted too.


