https://bugs.kde.org/show_bug.cgi?id=385687
--- Comment #2 from Andre Heinecke <aheine...@intevation.de> ---
I don't think that any of the issues raised here are a big (or any) security concern, because mails are only ever valid if the corresponding root certificate is trusted. If you only have trustworthy root certificates (as you should) which work in your infrastructure, you don't have any problem.

The whole concept of GPGSM is not to trust any root certificates by default and leave it to administrators to make the decision which roots they trust. And if they trust a root that does MD5 signatures... well, OK. Maybe GPGSM should no longer allow that by default.

We'll look into it, but so far I don't see any critical priority problem here.