#gpgfail — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gpgfail, aggregated by home.social.
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
Aufgrund der schwerwiegenden Sicherheitslücken die unter https://gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
https://informatik.hs-bremerhaven.de/lafischer/tutorials/2023-11-20-gnupg.htmlAls wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.
Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (https://sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.
Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?
-
Aufgrund der schwerwiegenden Sicherheitslücken die unter https://gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
https://informatik.hs-bremerhaven.de/lafischer/tutorials/2023-11-20-gnupg.htmlAls wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.
Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (https://sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.
Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?
-
Aufgrund der schwerwiegenden Sicherheitslücken die unter https://gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
https://informatik.hs-bremerhaven.de/lafischer/tutorials/2023-11-20-gnupg.htmlAls wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.
Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (https://sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.
Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?
-
Aufgrund der schwerwiegenden Sicherheitslücken die unter https://gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
https://informatik.hs-bremerhaven.de/lafischer/tutorials/2023-11-20-gnupg.htmlAls wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.
Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (https://sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.
Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?
-
Aufgrund der schwerwiegenden Sicherheitslücken die unter https://gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
https://informatik.hs-bremerhaven.de/lafischer/tutorials/2023-11-20-gnupg.htmlAls wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.
Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (https://sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.
Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?
-
#GnuPG 2.4.9-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (https://gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.4.9-freepg
-
#GnuPG 2.4.9-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (https://gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.4.9-freepg
-
#GnuPG 2.4.9-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (https://gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.4.9-freepg
-
#GnuPG 2.4.9-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (https://gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.4.9-freepg
-
#GnuPG 2.4.9-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (https://gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.4.9-freepg
-
Lots of vulnerabilities posted in #gpg
gpg.fail
https://gpg.fail/#gpgfail #pgp #encryption #cybersecurity #vulnerability #cve
-
@jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.
-
@jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.
-
@jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.
-
@jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.
-
@jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.
-
Relax 😎! GPG is not OpenPGP!
Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because
A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.
B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)
Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
-
Relax 😎! GPG is not OpenPGP!
Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because
A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.
B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)
Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
-
Relax 😎! GPG is not OpenPGP!
Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because
A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.
B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)
Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
-
Relax 😎! GPG is not OpenPGP!
Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because
A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.
B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)
Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
-
Relax 😎! GPG is not OpenPGP!
Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because
A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.
B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)
Please spread the word that #gpg is not #openpgp ... Thanks! #39c3
-
The #39c3 #gpgfail VOD is now live!
Truly insane to have so many exploits, and that there are several wontfix
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
-
The #39c3 #gpgfail VOD is now live!
Truly insane to have so many exploits, and that there are several wontfix
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
-
The #39c3 #gpgfail VOD is now live!
Truly insane to have so many exploits, and that there are several wontfix
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
-
The #39c3 #gpgfail VOD is now live!
Truly insane to have so many exploits, and that there are several wontfix
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
-
The #39c3 #gpgfail VOD is now live!
Truly insane to have so many exploits, and that there are several wontfix
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
-
A lot of us have have been complaining about GnuPG for years but https://gpg.fail/ takes no prisoners on all sides🔥
-
A lot of us have have been complaining about GnuPG for years but https://gpg.fail/ takes no prisoners on all sides🔥
-
A lot of us have have been complaining about GnuPG for years but https://gpg.fail/ takes no prisoners on all sides🔥
-
A lot of us have have been complaining about GnuPG for years but https://gpg.fail/ takes no prisoners on all sides🔥
-
A lot of us have have been complaining about GnuPG for years but https://gpg.fail/ takes no prisoners on all sides🔥
-
Hey! Long time no see! #googleearthpro #gpgfail
-
Hey! Long time no see! #googleearthpro #gpgfail
-
Hey! Long time no see! #googleearthpro #gpgfail
-
Hey! Long time no see! #googleearthpro #gpgfail
-
Hey! Long time no see! #googleearthpro #gpgfail