Please remove MacGPG from due to serious security concerns

Jonathan Schleifer js-gnupg-users at
Sun Aug 23 14:28:15 CEST 2015

Sorry for reviving this old thread. But since you guys still don't accept bug reports (why?!)…

I'm not sure whether this is better or worse than the old situation, but now you include an unsigned binary in your tree that is executed as part of the build process. Nowhere can be found what this binary does or from which sources it has been built. This is at least as bad as executing remove code. Can you please explain why you do this, or why you thought this would be a good idea after that long discussion on how important security is for a security product?


More information about the Gnupg-users mailing list