[Announce] GnuPG 2.1.0 "modern" released

[Werner Koch]

On Fri,  7 Nov 2014 22:21, sinic at sinic.name said:

> Invoking GnuPG that way is insecure without knowing the contents of the
> signature file. An attacker could have replaced it by something that's
> not, in fact, a detached signature.

I guess that this bug exists at least since 1.0.4 and I consider this a
serious flaw.  I am thinking about a proper solution which limts
breakage.

As a quick minimal fix I changed the instructions on the website.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.