Ryan McGinnis via Gnupg-users wrote: > Yes, ironically, this proof of concept is the responsible way to demonstrate > the issue (after a sufficient waiting period following a private disclosure > to the developers), rather than, say, demonstrating the issue by spitefully > poisoning the keys of a few prominent people in the GPG community. The “if > nobody talks about it and it remains obscure then it is not an issue” is > something you would expect from a Mickey Mouse outfit that has no real > understanding of security, not from a software development community that is > essentially creating platforms focused on gold-standard security applications > that underpin a lot of development infrastructure. > > Just my two cents *ploink ploink*
I don't want to warm-up this topic again, but... didn't Robert said in his github gist that the issue was known for more than a decade? Why was is then not fixed a decade ago, like it was done with 2.2.17? Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
