I can't tell for sure for not having read the paper, but it sounds like too much hype for vulnerabilities not so important:
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060317.html https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html (Werner being the maintainer of GnuPG) So I wouldn't worry about (but why not disable automatic decryption/verification of incoming emails in the meantime, doesn't cost much) On 05/14/2018 10:33 AM, [email protected] wrote: > I know that right now details are sketchy but the advice of disabling PGP is > sound at least until we get to know more information, especially since it's > coming from reputable researchers and the EFF (links below but I guess > everybody here already knows about that), so obviously that there is ground > for worry. > > Do any of the Qubes users or devs know more at present about this issue or > have advice to provide, aside from waiting for the publication of the > research paper tomorrow morning (15th of May) and stopping using Split-GPG > for the time being as a precaution? > > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now > > https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/ > > Thanks. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/55413b21-14d9-b470-37c1-55433c1db6cf%40leo.gaspard.ninja. For more options, visit https://groups.google.com/d/optout.
