Hacker Newsnew | past | comments | ask | show | jobs | submit | KooBaa's commentslogin

Of course it does, and all released software and tarballs as well.


The 12 vulnerabilities mentioned in “gpg fail” are somewhat exaggerated.

Here you can find a reply from GnuPG: https://www.openwall.com/lists/oss-security/2025/12/29/9

And btw, it was mentioned in the talk that GnuPG does not sign commits. That’s just wrong. Everything, including the release tarballs, is signed.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: