Please remove MacGPG from due to serious security concerns

Lukas Pitschl lukele at
Fri Feb 20 10:38:43 CET 2015

We’ve started to rework our build system in a different branch on github.
It no longer fetches any remote code and removes the dependency from GPGTools_Core, which was previously fetched.
It’s not complete yet, but we’re actively working on it and updating one „application“ at a time.

Am 19.02.2015 um 20:10 schrieb Werner Koch <wk at>:

> On Thu, 19 Feb 2015 18:16, js-gnupg-users at said:
>> I also like @ to hide useless output, but is downloading *and
>> executing* from a remote location really something you should hide?
>> Especially if everything else isn't hidden?
> Okay, someone please write a noscript extension for the loader ;-)
> Salam-Shalom,
>   Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150220/420fd631/attachment.sig>

More information about the Gnupg-users mailing list