Hello,

I recently came to know that Felix von Leitner (Fefe) did a code audit of GnuPG in 2009. According to him, the patch fixes lots of problems that might be usable as attack vectors on GnuPG. It seems, however, as if this patch was never included in upstream GnuPG. Because of that, he keeps maintaining his patch and offers it freely on his personal website [1].
Although I don't know him personally, as far as I know, Felix von Leitner is a professional code security auditor and a reputable member of the Chaos Computer Club. In earlier releases of GnuPG he was even mentioned for supporting the project [2].

What are the reasons which led to the patch never being applied? Is there any archived discussion available about that topic? Have the problems addressed by the patch been fixed otherwise?

[1]: https://www.fefe.de/
[2]: http://article.gmane.org/gmane.comp.encryption.gpg.devel/10425/match=felix+von+leitner

Kind regards
Alexander E. Fischer
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
