Please remove MacGPG from due to serious security concerns

Juergen Fenn schneeschmelze at
Tue Feb 17 20:16:27 CET 2015

2015-02-17 17:31 GMT+01:00 Martin Paljak <martin at>:

> So, generally speaking: if the upstream has not catered to the OSX
> folks and somebody on the internet has, I would not blame GPGTools
> guys for doing it. Yes, it would be nice if one at least tried to
> contribute back to upstream and to work in an open manner, but at
> least they DO something, for what there is apparent need.

Well, there are by now three ways get GPG running on a Mac, we have
had this summary on the Enigmail list just this weekend:

I tried to get GnuPG working under Mavericks via MacPorts, to no
avail, because there was no pinentry for the Mac. There are only two
ones, viz. from GPGTools and the one from Patrick Brunschwig's
project. The third option Ludwig mentions in his post is not a current
version. I have not had the time to test Patrick's distro so far, but
if it works it looks more interesting to me because, as you've pointed
out, the GPGTools have decided to go all commercial including, I
didn't realise this before, a closed code repository so that no one
can study the code? Is this true? I can't believe it.

Enigmail has discussed recently to drop support for GnuPG1, making
gpg-agent/pinentry a crucial issue on the Mac. The standard version of
pinentry from MacPorts does not work properly out of the box.

Anyway, alternatives should be mentioned on the GnuPG pages because—I
agree to the OP—this is too important an issue, GnuPG also being used
by  many people who seriously depend on its security.

The question is, can we use GnuPG on the Mac and rely on it?


More information about the Gnupg-users mailing list