Optimization-dependent behavior with GnuPG 1.4.19 and GCC 5
Kevin Locke
kevin at kevinlocke.name
Fri Oct 2 00:35:36 CEST 2015
On Thu, 2015-10-01 at 16:19 +0900, NIIBE Yutaka wrote:
> On 10/01/2015 02:41 PM, Kevin Locke wrote:
>> Any idea if sig->unhashed being NULL is easily avoidable when creating
>> signed documents as a workaround for users with affected versions
>> already in the wild?
>
> I don't think we have an easy way.
>
> Fortunately, GnuPG itself doesn't produce such a signature.
Good to know, thanks! (Also thanks for mentioning pgpdump, it was new
to me.) For my original issue (signed Debian package Release files
for Google Cloud SDK) it may be possible to convince the signers to
use GnuPG for signing the release files, so that may be a solution
after all.
Thanks again,
Kevin
More information about the Gnupg-devel
mailing list