Please remove MacGPG from gnupg.org due to serious security concerns

Jonathan Schleifer js-gnupg-users at webkeks.org
Wed Feb 18 12:05:18 CET 2015


Am 17.02.2015 um 17:00 schrieb Ville Määttä <mailing-lists at asatiifm.net>:

> Upstream still does have the issue which now seems to have been fixed in the fork but in a binary removed from upstream…

I really can not confirm this. I am running vanilla GnuPG 2.1.2 (built from source) on Yosemite (10.10.2 to be exact) with a Gnuk without any problems.

In any case, I agree about the part that such fixes should be developed in the GnuPG repo and not in basically a fork that receives less reviewing.

> I think the GUI tooling of not only Mac but other *NIX systems to be quite an important factor in getting wider use for encryption. Such tools must be from a respectable source and properly implemented just as much as the underlying engine. I would argue GnuPG should take the responsibility of such tooling where there isn’t a good option. Other *NIX systems are doing fairly well already so I suppose a Mac GUI would really be the urgent one.

I suppose it might be a good idea to have a Qt GUI. That looks native enough on Mac so that most users won't complain, works good on X11 or Wayland based systems and also works well on Windows. Ideally, this would be a project under the GnuPG umbrella, but ideally not taking away time from core developers and thus be done by others. It also is not that security critical if it's just a GUI using the command line tool.

--
Jonathan




More information about the Gnupg-users mailing list