On 2019-02-09 11:39:18, Elena ``of Valhalla'' wrote:
> On 2019-02-07 at 11:44:45 -0500, Antoine Beaupré wrote:
>> Hi,
>>
>> Recently, python-gnupg was triaged for maintenance in Debian LTS, which
>> brought my attention to this little wrapper around GnuPG that I'm
>> somewhat familiar with.
>>
>>
On 2019-02-07 at 11:44:45 -0500, Antoine Beaupré wrote:
> Hi,
>
> Recently, python-gnupg was triaged for maintenance in Debian LTS, which
> brought my attention to this little wrapper around GnuPG that I'm
> somewhat familiar with.
>
> Debian is marked as "vulnerable" for CVE-2019-6690 in Jessie
On 2019-02-07 16:48:56, Holger Levsen wrote:
> On Thu, Feb 07, 2019 at 11:44:45AM -0500, Antoine Beaupré wrote:
>> But maybe, instead, we should just mark it as unsupported in
>> debian-security-support and move on. There are few packages depending on
>> it, in jessie:
> [...]
>> in buster:
>> Note
On Thu, Feb 07, 2019 at 11:44:45AM -0500, Antoine Beaupré wrote:
> But maybe, instead, we should just mark it as unsupported in
> debian-security-support and move on. There are few packages depending on
> it, in jessie:
[...]
> in buster:
> Note that the list is (slowly) growing.
marking it it un
On 2019-02-07 11:44:45, Antoine Beaupré wrote:
> https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html
> https://blogs.gentoo.org/mgorny/2019/01/29/identity-with-openpgp-trust-model/
Oops, that second link should have been:
https://dev.gentoo.org/~mgorny/articles/attack-o
Hi,
Recently, python-gnupg was triaged for maintenance in Debian LTS, which
brought my attention to this little wrapper around GnuPG that I'm
somewhat familiar with.
Debian is marked as "vulnerable" for CVE-2019-6690 in Jessie and Stretch
right now, with buster and sid marked as fixed, as you can