HackerTrans
TopNewTrendsCommentsPastAskShowJobs

KooBaa

no profile record

comments

KooBaa
·hace 6 meses·discuss
Of course it does, and all released software and tarballs as well.
KooBaa
·hace 6 meses·discuss
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.