| ▲ | shakna 3 hours ago | |
Worth noting: minisign and age were also affected by a couple things here. GnuPG has decided a couple things are out of scope, fixed a couple others. Not all is in distro packages yet. age didn't have the clearest way to report things - discord is apparently the point of contact. Which will probably improve soon. minisign was affected by most everything GnuPG was, but had a faster turnaround to patching. | ||
| ▲ | tptacek 2 hours ago | parent | next [-] | |
The minisign bug was much less severe than the (insane) GPG signing bugs, and the age bug wasn't a cryptographic thing at all, just a dumb path sanitization thing. Minisign was not in fact affected by most everything GPG was. The GnuPG team wontfixed one of the most significant bugs! | ||
| ▲ | stackghost an hour ago | parent | prev [-] | |
The mark of good security is not "has no bugs". It's how the maintainers respond to security-relevant bugs. | ||