Please remove MacGPG from gnupg.org due to serious security concerns

Peter Lebbing peter at digitalbrains.com
Wed Feb 18 10:40:37 CET 2015


On 17/02/15 22:32, Lukas Pitschl wrote:
> We’ve recently been accused again of "knowingly lowering the overall
> security" [1] by not allowing such a key size. We’re still not sure what
> to do about it exactly.

There will always be people who think they know better and be very... vocal
about it on the internet. I'm sure it has been mentioned how they'll switch to
another program if you don't comply with their demands instantly... :(

I think you should just ignore them and not second-guess the security-related
decisions taken by your upstream, the GnuPG project. I don't see any reason
why a version for Mac would need different RSA key size limits than a version
for Linux or Windows.[1]

In fact, the second-guessing might actually unintentionally lower the overall
security...

My 2 cents,

Peter.

[1] Unless of course all Macs are much more powerful and Mac users only
communicate with Mac users... just kidding :P

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


