home.social

#gpgfail — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #gpgfail, aggregated by home.social.

  1. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  2. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  3. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  4. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  5. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  6. Aufgrund der schwerwiegenden Sicherheitslücken die unter gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
    informatik.hs-bremerhaven.de/l

    Als wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.

    Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.

    Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?

    #gpgfail

  7. Aufgrund der schwerwiegenden Sicherheitslücken die unter gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
    informatik.hs-bremerhaven.de/l

    Als wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.

    Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.

    Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?

    #gpgfail

  8. Aufgrund der schwerwiegenden Sicherheitslücken die unter gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
    informatik.hs-bremerhaven.de/l

    Als wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.

    Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.

    Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?

    #gpgfail

  9. Aufgrund der schwerwiegenden Sicherheitslücken die unter gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
    informatik.hs-bremerhaven.de/l

    Als wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.

    Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.

    Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?

    #gpgfail

  10. Aufgrund der schwerwiegenden Sicherheitslücken die unter gpg.fail aufgeführt sind, habe ich mich heute gezwungen gesehen eine Warnung vor GnuPG in meinem Tutorial anzubringen.
    informatik.hs-bremerhaven.de/l

    Als wirklich langjähriger Nutzer von GnuPG und aktiver Don Quichotte für Email-Verschlüsselung und -Authentizität finde ich das eine sehr betrübliche Situation.

    Nach Alternativen für meine Toolchain schaue ich mich gerade um. Erster Kandidat ist #sequoia (sequoia-pgp.org/). Und auf den ersten Blick bin ich schon mal davon erfreut, dass ich dort DANE direkt unterstützt sehe.

    Kann jemand andere OpenPGP-Werkzeuge empfehlen? Und warum?

    #gpgfail

  11. #GnuPG 2.4.9-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  12. #GnuPG 2.4.9-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  13. #GnuPG 2.4.9-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  14. #GnuPG 2.4.9-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  15. #GnuPG 2.4.9-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  16. @jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.

  17. @jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.

  18. @jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.

  19. @jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.

  20. @jan once details are published, and #39c3 is over, well take another look. But note that #deltachat's usage of #openpgp is intentionally minimal. #Gpgfail is a lot about failures of signature verification, and parsing problems in the gpg c-implementation but #deltachat doesn't use these mechanisms or code at all. The @rpgp folks are still studying the details, and there might be issues, so maybe also follow them for more details. Again, this doesn't affect deltachat as things stand.

  21. Relax 😎! GPG is not OpenPGP!

    Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

    A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

    B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

    Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

  22. Relax 😎! GPG is not OpenPGP!

    Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

    A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

    B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

    Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

  23. Relax 😎! GPG is not OpenPGP!

    Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

    A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

    B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

    Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

  24. Relax 😎! GPG is not OpenPGP!

    Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

    A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

    B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

    Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

  25. Relax 😎! GPG is not OpenPGP!

    Yesterday, vulnerabilities were published gpg.fail but they don't affect #deltachat or other #chatmail clients because

    A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

    B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

    Please spread the word that #gpg is not #openpgp ... Thanks! #39c3

  26. The #39c3 #gpgfail VOD is now live!

    Truly insane to have so many exploits, and that there are several wontfix

    media.ccc.de/v/39c3-to-sign-or

  27. The #39c3 #gpgfail VOD is now live!

    Truly insane to have so many exploits, and that there are several wontfix

    media.ccc.de/v/39c3-to-sign-or

  28. The #39c3 #gpgfail VOD is now live!

    Truly insane to have so many exploits, and that there are several wontfix

    media.ccc.de/v/39c3-to-sign-or

  29. The #39c3 #gpgfail VOD is now live!

    Truly insane to have so many exploits, and that there are several wontfix

    media.ccc.de/v/39c3-to-sign-or

  30. The #39c3 #gpgfail VOD is now live!

    Truly insane to have so many exploits, and that there are several wontfix

    media.ccc.de/v/39c3-to-sign-or

  31. A lot of us have have been complaining about GnuPG for years but gpg.fail/ takes no prisoners on all sides🔥

    #39c3 #gnupg #gpgfail #sequoiapgp

  32. A lot of us have have been complaining about GnuPG for years but gpg.fail/ takes no prisoners on all sides🔥

    #39c3 #gnupg #gpgfail #sequoiapgp

  33. A lot of us have have been complaining about GnuPG for years but gpg.fail/ takes no prisoners on all sides🔥

    #39c3 #gnupg #gpgfail #sequoiapgp

  34. A lot of us have have been complaining about GnuPG for years but gpg.fail/ takes no prisoners on all sides🔥

    #39c3 #gnupg #gpgfail #sequoiapgp

  35. A lot of us have have been complaining about GnuPG for years but gpg.fail/ takes no prisoners on all sides🔥

    #39c3 #gnupg #gpgfail #sequoiapgp