Trusted key problem with GPG 1.0.1

LW yukiko@userdefined.net
Thu May 16 21:01:02 2002


> There are some security problems with 1.0.1 - you don't want to use
> it at all.  Please write to that provider and ask them why they are
> running an insecure system; if they are not updating software like
> GnuPG it is very likely that they do also run exploitable servers
> and CGIs.

I also get the insecure memory warning.  Should this be happening if
they installed it as root?

Thanks for the noteworthy changes.  I'll write them immediately.  This
is the first time they've installed any encryption software.  I've
been requesting encryption modules for some time.  (For what it's
worth, from experience I know they do try to close at least some
exploitable holes.)

If necessary, can I install 1.0.7 for myself and use that instead
of their installed 1.0.1?

Thanks again,

Laila