Hi Werner,
Thanks for responding
> this is a requirement for OpenPGP because OpenPGP allows to embed a signature
> in encrypted data (combined method in contrast to the rarely used MIME
> containers). Thus when calling the decrypt function you can't know in
> advance whether there will be a
Hi all,
On 9 June 2020 I disclosed a vulnerability in fwupd. There was a problem with
the way that it used libgpgme to verify the PGP signature of its update
metadata.
I would like to put it forward for wider discussion: is libgpgme is working as
intended, or should this particular behaviour be