PGP Key Poisoner
Stefan Claas
sac at 300baud.de
Mon Aug 12 18:39:38 CEST 2019
Ryan McGinnis via Gnupg-users wrote:
> Yes, ironically, this proof of concept is the responsible way to demonstrate
> the issue (after a sufficient waiting period following a private disclosure
> to the developers), rather than, say, demonstrating the issue by spitefully
> poisoning the keys of a few prominent people in the GPG community. The “if
> nobody talks about it and it remains obscure then it is not an issue” is
> something you would expect from a Mickey Mouse outfit that has no real
> understanding of security, not from a software development community that is
> essentially creating platforms focused on gold-standard security applications
> that underpin a lot of development infrastructure.
>
> Just my two cents *ploink ploink*
I don't want to warm-up this topic again, but... didn't Robert said in his
github gist that the issue was known for more than a decade?
Why was is then not fixed a decade ago, like it was done with 2.2.17?
Regards
Stefan
--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
More information about the Gnupg-users
mailing list