HackerTrans
TopNewTrendsCommentsPastAskShowJobs

KooBaa

no profile record

comments

KooBaa
·6 maanden geleden·discuss
Of course it does, and all released software and tarballs as well.
KooBaa
·6 maanden geleden·discuss
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.