Debabrata Das wrote: > Hi All, > > Currently we are using GnuPG 1.4.7 which is under GPL V2 on HP-UX ,but > we came to know that there is a security vulnerability on GnuPG 1.4.8 & > earlier version.Since Gnupg 1.4.9 is under GPL V3 & we don't want to > move to product under GPL v3.Can you please tell us if it is > permissible to back port all the changes made to GnuPg 1.4.9 on to > Gnupg 1.4.7. > > We are interested to use whatever the changes made to bug-fix release > Gnupg 1.4.9 on to Gnupg 1.4.7 which is under GPL V2 and use it.
There is nothing to backport. David Shaw answered this exact same post last
Friday on both GnuPG-Users and GnuPG-Devel. To save you the /herculean/ effort
of actually reading either list, here again is his reply:
"The recent bug only applies to 1.4.8 and 2.0.8. It does not apply to
1.4.7 or any earlier version. There is no need to backport any
patches."
David is one of the principal developers of GnuPG. I'd trust his answer on this.
--
John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
