oss-sec mailing list archives
Re: Many vulnerabilities in GnuPG
From: Collin Funk <collin.funk1 () gmail com>
Date: Tue, 30 Dec 2025 16:07:23 -0800
Henrik Ahlgren <pablo () seestieto com> writes:
Peter Gutmann <pgut001 () cs auckland ac nz> writes:Does anything actually use the cobweb of trust, or do you just assume the key you've got is good because doing anything else is too hard?Perhaps the Debian developer keyring would serve as a compelling example? They even organize actual key-signing parties, which many cryptography experts today appear to regard as "LARPing" or otherwise ridiculous.
Or the Linux kernel [1]. Collin [1] https://www.kernel.org/doc/html/v6.19-rc2/process/maintainer-pgp-guide.html#using-the-kernel-org-web-of-trust-repository
Current thread:
- Re: Many vulnerabilities in GnuPG, (continued)
- Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 30)
- Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
- Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 28)
- Re: Many vulnerabilities in GnuPG Andreas Metzler (Dec 29)
- Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 29)
- Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
- Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 30)
- Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 30)
- Re: Many vulnerabilities in GnuPG Collin Funk (Dec 30)
- Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 31)
- Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
- Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 28)
- Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 28)
- Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 29)
- Re: Many vulnerabilities in GnuPG Alan Coopersmith (Dec 30)
- Re: Many vulnerabilities in GnuPG Neal Gompa (Dec 29)