[Announce] GnuPG 1.4 and 2.0 buffer overflow

Werner Koch wk at gnupg.org
Tue Nov 28 09:43:53 CET 2006


On Tue, 28 Nov 2006 09:32, rjh at sixdemonbag.org said:

> overflows are simply not possible.  Ada95 is an example of a language
> which compiles to fast native code and has robust protections against
> buffer overflow.

Unless you disable them which is often done for performance reasons
;-).

We can't change the implementation language: It is too much work and
there are not enough developers available which are up to Ada.

> gnupg-devel, but the contrary view--that C is simply the wrong language
> to use for security-critical software--should at least be mentioned, I

C is used everywhere and before you start to change all applications
you need to change the underlying infrastructure.  That huge and
constantly changing Linux kernel needs to be targeted too.


Salam-Shalom,

   Werner




More information about the Gnupg-devel mailing list