HackerTrans
TopNewTrendsCommentsPastAskShowJobs

KooBaa

no profile record

comments

KooBaa
·6 tháng trước·discuss
Of course it does, and all released software and tarballs as well.
KooBaa
·6 tháng trước·discuss
The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.