Please remove MacGPG from gnupg.org due to serious security concerns

Sandeep Murthy s.murthy at mykolab.com
Tue Feb 17 14:42:41 CET 2015


I have posted a message in the GPG Tools support forum
copying the original post in this thread, letting the developers
know of the concerns raised here.

Perhaps you will see some comments in the near future.

Sandeep Murthy
s.murthy at mykolab.com

> On 17 Feb 2015, at 13:31, Werner Koch <wk at gnupg.org> wrote:
> 
> On Mon, 16 Feb 2015 22:48, js-gnupg-users at webkeks.org said:
> 
>>        @bash -c "$$(curl -fsSL https://raw.github.com/GPGTools/GPGTools_Core/master/newBuildSystem/prepare-core.sh)"
> 
> Bad idea to directly run code from a foreign remote site.  I'd
> appreciate if someone from gpgtools.org can comment on this.
> 
> GnuPG's speedo build system also downloads stuff via the Makefile but it
> verifies the checksums before proceeding. The checksums are taken from a
> public file which has a detached signature and the public key for that
> is one of the GnuPG release signing keys.
> 
> 
> Salam-Shalom,
> 
>   Werner
> 
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
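
The verify-before-run approach Werner describes (checksums taken from a signed list, checked before anything is executed), as an added example; it is not part of this thread and is neither GnuPG's speedo code nor GPGTools code. The function names, the `SUMS` layout (`<sha256>  <filename>`) and the keyring argument are assumptions.

```shell
#!/bin/sh
# Added example: verify-then-run for a script that was fetched to a file
# beforehand, instead of piping the download straight into bash.
# Assumptions: SUMS lines look like "<sha256>  <filename>"; SUMS has a
# detached signature; KEYRING holds only the trusted release signing keys.

# sha256_of FILE: print the hex SHA-256 digest with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sums_signature SUMS SIG KEYRING: check the detached signature on
# the checksum list. gpgv trusts exactly the keys in KEYRING, nothing else.
verify_sums_signature() {
    gpgv --keyring "$3" "$2" "$1" >/dev/null 2>&1
}

# verify_checksum FILE SUMS: 0 on match, 1 on mismatch, 2 if FILE is unlisted.
verify_checksum() {
    vc_name=$(basename "$1")
    vc_want=$(awk -v n="$vc_name" '$2 == n { print $1; exit }' "$2")
    if [ -z "$vc_want" ]; then
        echo "no checksum listed for $vc_name" >&2; return 2
    fi
    vc_got=$(sha256_of "$1")
    if [ "$vc_got" != "$vc_want" ]; then
        echo "checksum mismatch for $vc_name" >&2; return 1
    fi
}

# run_verified FILE SUMS SIG KEYRING: run FILE only after both checks pass.
# Returns 4 on a bad or unverifiable signature, else verify_checksum's code.
run_verified() {
    verify_sums_signature "$2" "$3" "$4" || {
        echo "signature check failed for $2" >&2; return 4
    }
    verify_checksum "$1" "$2" || return $?
    sh "$1"
}
```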
