oss-sec mailing list archives

Re: Many vulnerabilities in GnuPG

From: Henrik Ahlgren <pablo () seestieto com>
Date: Wed, 31 Dec 2025 00:14:32 +0200

Peter Gutmann <pgut001 () cs auckland ac nz> writes:

Does anything actually use the cobweb of trust, or do you just assume the key
you've got is good because doing anything else is too hard?


Perhaps the Debian developer keyring would serve as a compelling
example? They even organize actual key-signing parties, which many
cryptography experts today appear to regard as "LARPing" or otherwise
ridiculous.

Current thread:

Re: Many vulnerabilities in GnuPG, (continued)
- - - Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
    - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
    - Re: Many vulnerabilities in GnuPG Sam James (Dec 30)
    - Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 30)
  - Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
- Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 28)
  - Re: Many vulnerabilities in GnuPG Andreas Metzler (Dec 29)
  - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 29)
    - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 30)
    - Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 30)
    - Re: Many vulnerabilities in GnuPG Collin Funk (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 31)
    - Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
  - Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 28)
  - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 28)
    - Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 29)
    - Re: Many vulnerabilities in GnuPG Alan Coopersmith (Dec 30)
    - Re: Many vulnerabilities in GnuPG Neal Gompa (Dec 29)