-
-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace GnuPG with Sequoia #1618
Comments
Neither support smartcard, don't they?
Lines 29 to 49 in 05289c0
Not aware of any decompression being possible in currently configured/compiled gpg2.
Where/How is it used under GUI ops under Heads? Discussion
|
It is though smartcard cradle. |
Is your feature request related to a problem? Please describe.
GnuPG is a large amount of legacy C code that operates on untrusted input.
Describe the solution you'd like
Use Sequoia instead. Only signature verification is needed.
Describe alternatives you've considered
Use a different tool for verifying signatures, such as signify or ssh-keygen.
Additional context
GnuPG has known bugs and will decompress data in the signature, creating extra attack surface.
The text was updated successfully, but these errors were encountered: