Someone is squatting GnuPG names

Jeffrey Walton noloader at
Thu Apr 2 03:06:38 CEST 2020

Hi Everyone,

It looks like someone is squatting the name names "GPG" and "GnuPG"
(and the other subprojects). Also see They are
even using the project's icons.

Unsuspecting users don't really have a way to determine the projects
are not authorized. They don't show as a fork (in the upper left hand
corner). Rather they appear to be an authorized source.

I found the projects when searching for the project's github. I did
not learn they were fakes until Werner commented in a bug report.

If the projects are fake then GnuPG should contact GitHub (and other
Git-based services) and have the repos taken down.

Thanks in advance.

More information about the Gnupg-devel mailing list