[Pkg-gnupg-maint] Bug#772780: closed by Daniel Kahn Gillmor <dkg at fifthhorseman.net> (Bug#772780: fixed in gnupg2 2.0.26-4)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jan 5 15:17:34 UTC 2015

Hi David--

On 01/05/2015 01:21 AM, David Z wrote:
> I don't mean to be a bother to anyone, most especially any gpg devs who
> I have the utmost respect for, but does this mean that the patch is only
> being issued for gnupg2, and not gnupg as the bug was originally filed
> against?

I believe that the issue is already fixed in the gnupg (gpg1) packages
that are targeted for jessie (1.4.18-6) due to an increased secure
memory allotment -- can you confirm?

> Is the proper course of action for users to now migrate to gnupg2 to
> correct the regression originally reported against gnupg due to RSA
> blinding?

I'm trying to focus right now on the jessie release, but if you think
the situation is particularly bad in wheezy itself, we can look into
providing a targeted update for a wheezy point release (though it may
take a little while for that to happen).

Thanks for followup up, David.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150105/4721e33d/attachment.sig>

More information about the Pkg-gnupg-maint mailing list