Security patches and gpg 1/2 development

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 26 19:59:51 CET 2014


On 11/26/2014 10:59 AM, Anish Athalye wrote:
> What is the right place to send patches for and discuss security issues in gpg? The gpg-devel mailing list? Or directly to some particular person?

patches should go to gnupg-devel at gnupg.org, or to a bug report if you
file one here:

 https://bugs.g10code.com/gnupg/index

Hopefully Werner can weigh in on what to do if you have a sensitive
security issue that you want to embargo (this should probably also be
added somewhere prominent on https://www.gnupg.org/)

> Also, are there two different repositories for gpg 1/2 development? How exactly is that organized?

they're all branches in one repository:

  git clone git://git.gnupg.org/gnupg.git

and take a look at:

 git branch -a

You might also be interested in some of the info here: http://git.gnupg.org/

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141126/537e84c8/attachment.sig>


More information about the Gnupg-users mailing list