HackerTrans
TopNewTrendsCommentsPastAskShowJobs

KooBaa

no profile record

comments

KooBaa
·6 месяцев назад·discuss
Of course it does, and all released software and tarballs as well.
KooBaa
·6 месяцев назад·discuss
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.