Sorry for reviving this old thread. But since you guys still don't accept bug reports (why?!)…
I'm not sure whether this is better or worse than the old situation, but now you include an unsigned binary in your tree that is executed as part of the build process. Nowhere can be found what this binary does or from which sources it has been built. This is at least as bad as executing remove code. Can you please explain why you do this, or why you thought this would be a good idea after that long discussion on how important security is for a security product? -- Jonathan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users