the safety of gnupg
Bruno Wolff III
bruno at wolff.to
Thu Jun 1 03:23:05 UTC 2006
On Thu, Jun 01, 2006 at 12:23:49 +0930,
Tim <ignored_mailbox at yahoo.com.au> wrote:
> One of the points raised was: "What's the point in open source if it
> doesn't actually get examined?" We tend to take a lot of things on
> faith, and we often have to. How many of us can vet someone else's
> source? One argument I see put forward about PGP, et al, is that
> anybody who had found a flaw would be proudly crowing about it, but
> nobody has so far. Though that's countered by the point that anyone who'd
> found a flaw because they wanted to exploit it would be keeping it to
> themselves.
gpg does get looked at. A few months ago someone found a significant
problem with the way it checked signatures.
More information about the fedora-list mailing list