Please remove MacGPG from gnupg.org due to serious security concerns
Werner Koch
wk at gnupg.org
Tue Feb 17 14:31:29 CET 2015
On Mon, 16 Feb 2015 22:48, js-gnupg-users at webkeks.org said:
> @bash -c "$$(curl -fsSL https://raw.github.com/GPGTools/GPGTools_Core/master/newBuildSystem/prepare-core.sh)"
Bad idea to directly run code from a foreign remote site. I'd
appreciate if someone from gpgtools.org can comment on this.
GnuPG's speedo build system also downloads stuff via the Makefile but it
verifies the checksums before proceeding. The checksums are taken from a
public file which has a detached signature and the public key for that
is one of the GnuPG release signing keys.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list