i'm trying to reply to this email and i keep closing the window while trying.
the fork you referenced is the one i was concerned about that hasn't
been updated for 3 years.  i was wrong about the todo file.
we're clearly still trying to make people think that slavers and human
traffickers are altering our communications, since we aren't signing
our emails and aren't explaining why.


On 1/12/21, coderman <[email protected]> wrote:
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, January 12, 2021 8:08 PM, Karl <[email protected]> wrote:
>
>> `pip3 install python-gnupg`
>> this installs a fork on github with a high version number that hasn't
>> been updated for 3 years.
>
> this fork has a fix for a severe vulnerability related to subprocess
> execution. (e.g. original sources vulnerable to arbitrary code execution.)
>
>
> i prefer this fork, which also includes the subprocess fixes:
>
> git clone https://github.com/isislovecruft/python-gnupg.git
> cd python-gnupg
> make install
> make test
>
>
> note that an alternative approach is to use the GPGME library, ala pygpgme:
> https://bazaar.launchpad.net/~jamesh/pygpgme/trunk/files
>
>
> best regards,
>
