[arch-general] gnupg 2.1 not stable

Levente Polyak anthraxx at archlinux.org
Wed Dec 17 17:05:22 UTC 2014


besides the "upstream stable release" discussion (which i will leave out
here) i have two small questions:

On 12/17/2014 03:03 PM, Ido Rosen wrote:
> On the gnupg-devel mailing list I've seen a few
> potentially serious security issues with it.

No offense, but out of interest:
Could you please point them out with some references and links what
exactly you consider "potentially serious security issues" on that
mailing list?
If its something that was not noticed to be potentially a serious
security issue, did you raise awareness about that on the list or
privately to the dev?

On 12/17/2014 05:28 PM, Ido Rosen wrote:
> [...] Someone made
> a mistake in upgrading to 2.1, so let's correct the mistake by
> downgrading back until it's safe, rather than leaving all of Arch's
> users at great security risk.

out of curiosity, what exactly and specifically do you consider a "great
security risk" in 2.1. I would appreciate if you provide a concrete
reference in 2.1 what you mean with "great security risk".

thanks in advice,
cheers,
Levente

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20141217/029aeef3/attachment.bin>


More information about the arch-general mailing list