Security patches and gpg 1/2 development

Daniel Kahn Gillmor dkg at
Wed Nov 26 19:59:51 CET 2014

On 11/26/2014 10:59 AM, Anish Athalye wrote:
> What is the right place to send patches for and discuss security issues in gpg? The gpg-devel mailing list? Or directly to some particular person?

patches should go to gnupg-devel at, or to a bug report if you
file one here:

Hopefully Werner can weigh in on what to do if you have a sensitive
security issue that you want to embargo (this should probably also be
added somewhere prominent on

> Also, are there two different repositories for gpg 1/2 development? How exactly is that organized?

they're all branches in one repository:

  git clone git://

and take a look at:

 git branch -a

You might also be interested in some of the info here:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141126/537e84c8/attachment.sig>

More information about the Gnupg-users mailing list