KooBaa·6 か月前·議論The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.