Am 17.02.2015 um 15:14 schrieb Hugo Osvaldo Barrera <h...@barrera.io>:
> Actually, I've noticed that there was a very quick reply to this when it was > brought to the dev's attention. I'll leave this here for anyone else > interested > in following-up: > > > https://github.com/GPGTools/GPGTools_Core/commit/5186bade36acedfdc0b76f9f5ddfcfc004ec698b > > I'm not aware of any track record of writing bad software in the past either - > I believe they're just human. "A user complained, so we'd rather use something insecure." This is not the correct mindset to develop security software! Also, the new way they solve it ignores the proposal to use git submodules entirely, not even stating why they don't want to use git submodules. But that at least is not a security problem, so I don't have strong feeling about this :). -- Jonathan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
