‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, January 12, 2021 8:08 PM, Karl <[email protected]> wrote:

> `pip3 install python-gnupg`
> this installs a fork on github with a high version number that hasn't
> been updated for 3 years.

this fork has a fix for a severe vulnerability related to subprocess execution. (e.g. original sources vulnerable to arbitrary code execution.)

i prefer this fork, which also includes the subprocess fixes:

    git clone https://github.com/isislovecruft/python-gnupg.git
    cd python-gnupg
    make install
    make test

note that an alternative approach is to use the GPGME library, ala pygpgme:
https://bazaar.launchpad.net/~jamesh/pygpgme/trunk/files

best regards,
