Hello, Am Donnerstag, 9. März 2006 19:53 schrieb Werner Koch:
> Summary > ======= > > In the aftermath of the false positive signature verfication bug > (announced 2006-02-15) more thorough testing of the fix has been done > and another vulnerability has been detected. > > This new problem affects the use of *gpg* for verification of > signatures which are _not_ detached signatures. The problem also > affects verification of signatures embedded in encrypted messages; > i.e. standard use of gpg for mails. > well, this takes me to a difficult question: How much more are to come? (Have you begun a code audit? How long will it take then?) I haven't been following the gnupg development so far, but imho the recent development of actions rater is rather disturbing - and these kind of bugs tend to disqualify gnupg from mission critical use. Please don't get me wrong, I really like gnupg and appreciate what you've done so far, but the recent development worries me. Keep smiling yanosz _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
