Please remove MacGPG from due to serious security concerns

Jonathan Schleifer js-gnupg-users at
Wed Feb 18 11:58:29 CET 2015

Am 17.02.2015 um 15:14 schrieb Hugo Osvaldo Barrera <hugo at>:

> Actually, I've noticed that there was a very quick reply to this when it was
> brought to the dev's attention. I'll leave this here for anyone else interested
> in following-up:
> I'm not aware of any track record of writing bad software in the past either -
> I believe they're just human.

"A user complained, so we'd rather use something insecure."

This is not the correct mindset to develop security software!

Also, the new way they solve it ignores the proposal to use git submodules entirely, not even stating why they don't want to use git submodules. But that at least is not a security problem, so I don't have strong feeling about this :).


More information about the Gnupg-users mailing list