Need Help

John Clizbe JPClizbe at
Tue Apr 15 18:03:44 CEST 2008

Debabrata Das wrote:
> Hi All,
> Currently we are using GnuPG 1.4.7 which is under GPL V2 on HP-UX ,but
> we came to know that there is a security vulnerability on GnuPG 1.4.8 &
> earlier version.Since Gnupg 1.4.9 is under GPL V3 & we don't want to
> move to  product under GPL v3.Can you please tell us if it is 
> permissible to back port  all the changes  made to GnuPg 1.4.9 on to
> Gnupg 1.4.7.
> We are interested to use whatever the changes made to bug-fix release
> Gnupg 1.4.9  on to Gnupg 1.4.7 which is under GPL V2 and use it.

There is nothing to backport.  David Shaw answered this exact same post last
Friday on both GnuPG-Users and GnuPG-Devel. To save you the /herculean/ effort
of actually reading either list, here again is his reply:

    "The recent bug only applies to 1.4.8 and 2.0.8.  It does not apply to
     1.4.7 or any earlier version.  There is no need to backport any

David is one of the principal developers of GnuPG. I'd trust his answer on this.

John P. Clizbe                   Inet:   JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks             hkp://
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080415/5db3c552/attachment.pgp>

More information about the Gnupg-users mailing list