Please remove MacGPG from due to serious security concerns

Sandeep Murthy s.murthy at
Tue Feb 17 14:42:41 CET 2015

I have posted a message in the GPG Tools support forum
copying the original post in this thread, letting the developers
know of the concerns raised here.

Perhaps you will see some comments in the near future.

Sandeep Murthy
s.murthy at

> On 17 Feb 2015, at 13:31, Werner Koch <wk at> wrote:
> On Mon, 16 Feb 2015 22:48, js-gnupg-users at said:
>>        @bash -c "$$(curl -fsSL"
> Bad idea to directly run code from a foreign remote site.  I'd
> appreciate if someone from can comment on this.
> GnuPG's speedo build system also downloads stuff via the Makefile but it
> verifies the checksums before proceeding. The checksums are taken from a
> public file which has a detached signature and the public key for that
> is one of the GnuPG release signing keys.
> Salam-Shalom,
>   Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150217/cca57ba5/attachment.sig>

More information about the Gnupg-users mailing list