Please remove MacGPG from due to serious security concerns

Ville Määttä mailing-lists at
Tue Feb 17 20:42:48 CET 2015

> On 17 Feb 2015, at 21:03, Sandeep Murthy <s.murthy at> wrote:
> As a user, not a developer on MacGPG, the issues previously
> raised here about the remote execution of scripts etc. may be
> questionable, but they do not directly affect my use of the software,
> which is nothing but a front end for GnuPG.

If MacGPG were not a fork that would be the situation. Alas, it *is a fork and not just a front-end* for GPG.

There are binary level differences from upstream which the average user does not know, nor should they need to.

> The GPG plug-in for Apple Mail is not without its shortcomings but
> it is incredibly easy to use and works well the other components
> of the GPG suite.  I have not used Enigmail, but it’s simply a
> question of choice.

I agree. I wouldn’t like anything better than to have all users using an open source client but I don’t have any illusions of getting there any time soon. Thus, plugins for the system default are necessary.


More information about the Gnupg-users mailing list