Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87tsx99i2a.fsf@noux.seestieto.com>
Date: Mon, 29 Dec 2025 21:58:05 +0200
From: Henrik Ahlgren <pablo@...stieto.com>
To: "Lexi Groves (49016)" <contact@....fail>
Cc: jcb62281@...il.com,  oss-security@...ts.openwall.com,  Solar Designer
 <solar@...nwall.com>
Subject: Re: Many vulnerabilities in GnuPG

"Lexi Groves (49016)" <contact@....fail> writes:

> Yes. We found this advice in [The GNU Privacy Handbook, Chapter 1.
> Getting Started, Making and verifying
> signatures](https://www.gnupg.org/gph/en/manual/x135.html):

I'd just like to point out that the GNU Privacy Handbook (GPH) was
published in 1999, and I have not encountered any more recent revisions.
I believe GnuPG did not even support RSA until version 1.0.3 and
AES/Rijndael until version 1.0.4, which were released in 2000, meaning
the handbook exclusively addresses DSA and ElGamal, making it 25 years
out of date.

The GnuPG Manual (https://gnupg.org/documentation/manuals/gnupg/) is
much more current, but sadly it is not structured as a user guide that
would introduce a new user to PGP concepts and best practices, etc.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.