HackerTrans
トップ新着トレンドコメント過去質問紹介求人

KooBaa

no profile record

コメント

KooBaa
·6 か月前·議論
Of course it does, and all released software and tarballs as well.
KooBaa
·6 か月前·議論
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.