So on & so forth
peter at digitalbrains.com
Tue Aug 19 22:27:04 CEST 2014
On 19/08/14 21:52, Ludwig Hügelschäfer wrote:
> Ack. They use the build system from homebrew. They update recipes from
> time to time, but their releases normally go only with major Mac OS X
> updates (e.g. 10.8 -> 10.9), as in last October with 2.0.22. Their
> main target is the gpg-plugin for Apple mail, I think.
So apparently they're not too worried about the DoS fixed in 2.0.24. And
libgcrypt 1.6.0, which succeeds a version vulnerable to "Get Your Hands Off My
Laptop" if I'm not mistaken, was released in December. I'd hazard a guess that
they ship a vulnerable 1.5.x version.
So everybody: hands off the Mac! ;)
I think that you should only build or fork software when you're willing to
provide the service of security fixes to your users, or clearly indicate this is
out of your scope. Do they provide security support? I think the libgcrypt one
might warrant a fix. A DoS is just annoying.
 Especially security software
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>