Hi all,

At the annual conference 39C3, a few PGP-related security bugs were found, many of which are bugs in gnupg2 [1].
The gnupg2 package has not seen an update from its maintainer for >6 months [2], even though lots [3] of updates with lots of security-relevant bug fixes have been released. The-new-hotness's update reminders turned into a monologue [4]. Some of the open bugs [5] are remote code execution bugs.

PS: I know that this is a public mailing list, and am posting on a public mailing list, since all the information mentioned here is public.

Is it possible that gnupg is unmaintained? This would pose a high security risk to the Fedora project.

[1] https://gpg.fail/
[2] https://src.fedoraproject.org/rpms/gnupg2/commits/rawhide
[3] https://dev.gnupg.org/source/gnupg/browse/master/NEWS
[4] https://bugzilla.redhat.com/show_bug.cgi?id=2296000
[5] https://bugzilla.redhat.com/buglist.cgi?component=gnupg2&query_format=advanced&product=Fedora&product=Fedora%20EPEL&bug_status=__open__
