HackerTrans
TopNewTrendsCommentsPastAskShowJobs

KooBaa

no profile record

comments

KooBaa
·6 bulan yang lalu·discuss
Of course it does, and all released software and tarballs as well.
KooBaa
·6 bulan yang lalu·discuss
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.