Please remove MacGPG from due to serious security concerns

Sandeep Murthy s.murthy at
Tue Feb 17 07:53:18 CET 2015

> I'm guessing because you need an SSH key at GitHub in order to pull via SSH. Yet another problem solved by git modules.
> Still, they could have at least changed it to https.

GitHub supports pull/push via SSH or HTTPS therefore you can do this to with MacGPG (2)
or any GitHub repo.

>> However, I'd recomend that you go over the proper support channels first
>> (rather than merely twitter) before asking that references to the proyect are
>> deleted.

There must be lots of MacGPG users and most of them probably use the GPG
suite, because it is GUI based (also more user friendly, unlike GnuPG) and it
would not be fair on them to unilaterally remove the link to GnuPG or to receive
some kind of security warning without raising the issues you mention with
the people who are actively developing and maintaining the source.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150217/39ed9f66/attachment.sig>

More information about the Gnupg-users mailing list