I don't mean to be a bother to anyone, most especially any gpg devs who I have the utmost respect for, but does this mean that the patch is only being issued for gnupg2, and not gnupg as the bug was originally filed against?
Is the proper course of action for users to now migrate to gnupg2 to correct the regression originally reported against gnupg due to RSA blinding? On 01/04/2015 07:06 PM, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the gnupg package: > > #772780: gnupg: "out of secure memory" even with only 4096-RSA keys when > using addkey in --edit-key interface > > It has been closed by Daniel Kahn Gillmor <d...@fifthhorseman.net>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Daniel Kahn Gillmor > <d...@fifthhorseman.net> by > replying to this email. > > [snip] >Source: gnupg2 >Source-Version: 2.0.26-4 > >We believe that the bug you reported is fixed in the latest version of >gnupg2, which is due to be installed in the Debian FTP archive.
signature.asc
Description: OpenPGP digital signature
