Hi David-- On 01/05/2015 01:21 AM, David Z wrote: > I don't mean to be a bother to anyone, most especially any gpg devs who > I have the utmost respect for, but does this mean that the patch is only > being issued for gnupg2, and not gnupg as the bug was originally filed > against?
I believe that the issue is already fixed in the gnupg (gpg1) packages
that are targeted for jessie (1.4.18-6) due to an increased secure
memory allotment -- can you confirm?
> Is the proper course of action for users to now migrate to gnupg2 to
> correct the regression originally reported against gnupg due to RSA
> blinding?
I'm trying to focus right now on the jessie release, but if you think
the situation is particularly bad in wheezy itself, we can look into
providing a targeted update for a wheezy point release (though it may
take a little while for that to happen).
Thanks for followup up, David.
--dkg
signature.asc
Description: OpenPGP digital signature
