shakna 4 hours ago

Probably resurfacing, because we have some new attacks thanks to CCC. [0]

[0] https://news.ycombinator.com/item?id=46453461

shakna 3 hours ago | parent [-]

Worth noting: minisign and age were also affected by a couple things here.

GnuPG has decided a couple things are out of scope, fixed a couple others. Not all is in distro packages yet.

age didn't have the clearest way to report things - Discord is apparently the point of contact. Which will probably improve soon.

minisign was affected by most everything GnuPG was, but had a faster turnaround to patching.

tptacek 2 hours ago | parent | next [-]

The minisign bug was much less severe than the (insane) GPG signing bugs, and the age bug wasn't a cryptographic thing at all, just a dumb path sanitization thing. Minisign was not in fact affected by most everything GPG was. The GnuPG team wontfixed one of the most significant bugs!

stackghost an hour ago | parent | prev [-]

The mark of good security is not "has no bugs". It's how the maintainers respond to security-relevant bugs.