Someone is squatting GnuPG names
noloader at gmail.com
Thu Apr 2 03:06:38 CEST 2020
It looks like someone is squatting the name names "GPG" and "GnuPG"
(and the other subprojects). Also see https://github.com/gpg. They are
even using the project's icons.
Unsuspecting users don't really have a way to determine the projects
are not authorized. They don't show as a fork (in the upper left hand
corner). Rather they appear to be an authorized source.
I found the projects when searching for the project's github. I did
not learn they were fakes until Werner commented in a bug report.
If the projects are fake then GnuPG should contact GitHub (and other
Git-based services) and have the repos taken down.
Thanks in advance.
More information about the Gnupg-devel