Please remove MacGPG from gnupg.org due to serious security concerns
js-gnupg-users at webkeks.org
Wed Feb 18 11:54:28 CET 2015
Am 17.02.2015 um 14:31 schrieb Werner Koch <wk at gnupg.org>:
> GnuPG's speedo build system also downloads stuff via the Makefile but it
> verifies the checksums before proceeding. The checksums are taken from a
> public file which has a detached signature and the public key for that
> is one of the GnuPG release signing keys.
While this is much better from a security point of view, it still means that building needs an internet connection. It would be nice to be able to build it on an air-gapped machine, which I guess is quite a common use case for GnuPG.
To be fair, though, I never noticed that until you mentioned it :).
More information about the Gnupg-users