Sounds like you should report it directly to GPGTools.org. I'm sure they have a bug tracker or mailing address somewhere.
Have you seen any technical details on this attack? Its hard to tell exactly what's happening from that article. .hc Eric F: > Perhaps not directly gnupg related, more OS X related. But, with both > GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X > sec. discussion the other week) :) > > It's seem like “Gatekeeper” is only using http if I read it correctly. > > Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper > http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/ > > “He found around 150 on his own machine, including hugely popular > software like Microsoft Word and Excel, Apple’s own iCloud Photos and > Dropbox. The list also included Apple’s developer tool *XCODE and email > encryption key management software GPG Keychain, both of which he abused > in his proof of concept attacks*.” > > > I have no idea how this works, but one question that came in mind was if > a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg > on other platforms? > > Anyway, interesting reading. Just wanted to share. > > /Eric > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
