gnupg-1.1.7, a Python GnuPG wrapper, is released on PyPI

isis agora lovecruft isis at patternsinthevoid.net
Wed Jul 3 16:50:48 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Announcing the release of a more secure Python wrapper for GnuPG on PyPI.


About this release
- ------------------

This is the first stable release of a module (named 'gnupg' on PyPI)[0], which
originated as a fork of python-gnupg.[1] Several problems were found with the
upstream version, including a security vulnerability triggered by unvalidated
user input, and when used within networked code, can lead to remote arbitrary
code execution. Full notes of the audit can be found in the docs/ directory of
the git repo [2] and as orgmode→html [3] in the online documentation.

The new version [4] is incompatible with the old version, though the changes
required to upgrade for software depending on the old version should be
slight. Not to mention, the module is now extensively documented,[5] and
developed openly. It was downloaded nearly 1000 times on the first day it was
uploaded to PyPI.

To install:
$ [sudo] pip install gnupg

References:
[0]: https://pypi.python.org/gnupg/
[1]: https://code.google.com/p/python-gnupg/
[2]: https://github.com/isislovecruft/python-gnupg/raw/master/docs/NOTES-python-gnupg-3.1-audit.org
[3]: http://pythonhosted.org/gnupg/NOTES-python-gnupg-3.1-audit.html
[4]: https://github.com/isislovecruft/python-gnupg/
[5]: https://pythonhosted.org/gnupg/

- -- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-----BEGIN PGP SIGNATURE-----

iQJuBAEBCgBYBQJR1DpIBYMB4TOASxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRo
ZXZvaWQubmV0MEE2QTU4QTE0QjU5NDZBQkRFMThFMjA3QTNBREI2N0EyQ0RCOEIz
NQAKCRCjrbZ6LNuLNafeEACH23ZjAHyx0a42db8AKo9cpHMur5YH0CtICp3h8z80
CAWMyFSOOK87Dpzx7kWhyXcWIu55LBFGnW8iQyeLMnAmgtpEXuGV47lCpcuwMGmU
lsyRY0UBcp1j38uiyc0RHbvdZxY18mG4UgX1dmCnO1ehYdGc7kbMgvcmPdNZWErJ
pDLtxO1+8BZwoYEr0ngSJ+p26IaOmaAaKG4/iuGQ7ac9P8w5CPr4k4rNme4u/yvO
pn29syvCfo6FDcb5j4SOpJWwLbH1mo5xry6KUJflVLHx779q3sDcz3M9wX4pSeOn
RISeo5TcXAca6YZLlMbArAsy/dYjW5bINCkTo4S7zY1VsaeN1uAH6NC9T1BqI+e+
7APD6DD6/qN0Tjv6rT3TZKugFyFtwn98HZxA78kFWZJQbG6SzzgEvfph7pTgm8Tm
EavrXex6LQvY6C93yoSoicoBoIZuCXJ7SmkMvf9GJRfDcj9dLM8DVxb0VkclUaKr
AaHAFcdjIZ+CZHOukSHmRhrNKNa+FUnAyIrxcfcDU5gsqpOoLgWwWuFrkHICQMyQ
PYkMQ0Dh/xhEA5P1tChX1taxOAVJCIWLhQGFaXLWqPM85a+TC2p0GpRga4oKzdUJ
ZFB8hBM5T83614iQ8E5FjA6BvryksfVWoe0TW/212C+zeDOXiQl3LdXjnrtfP1cU
bQ==
=SfHT
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list