Please remove MacGPG from gnupg.org due to serious security concerns

Jonathan Schleifer js-gnupg-users at webkeks.org
Wed Feb 18 11:58:29 CET 2015


On 17.02.2015 at 15:14, Hugo Osvaldo Barrera <hugo at barrera.io> wrote:

> Actually, I've noticed that there was a very quick reply to this when it was
> brought to the dev's attention. I'll leave this here for anyone else interested
> in following-up:
> 
>  https://github.com/GPGTools/GPGTools_Core/commit/5186bade36acedfdc0b76f9f5ddfcfc004ec698b
> 
> I'm not aware of any track record of writing bad software in the past either -
> I believe they're just human.

"A user complained, so we'd rather use something insecure."

This is not the correct mindset to develop security software!

Also, the new way they solve it ignores the proposal to use git submodules entirely, not even stating why they don't want to use git submodules. But that at least is not a security problem, so I don't have strong feelings about this :).

--
Jonathan



