aah makes sense. thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1409117
Title: GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM Status in GNU Privacy Guard: Unknown Status in gnupg package in Ubuntu: Fix Released Status in gnupg2 package in Ubuntu: Fix Released Status in gnupg source package in Lucid: Confirmed Status in gnupg2 source package in Lucid: Confirmed Status in gnupg source package in Precise: Confirmed Status in gnupg2 source package in Precise: Confirmed Status in gnupg source package in Trusty: Confirmed Status in gnupg2 source package in Trusty: Confirmed Status in gnupg source package in Utopic: Confirmed Status in gnupg2 source package in Utopic: Fix Released Status in gnupg source package in Vivid: Fix Released Status in gnupg2 source package in Vivid: Fix Released Status in gnupg package in Debian: Unknown Bug description: The patch from http://bugs.gnupg.org/gnupg/issue1579 is critical and should be backported to 12.04; right now, it is not. This leaves 12.04 users of GPG2 vulnerable to MITM attacks on gpg2 --recv-keys. See https://evil32.com/ for an example (the text that is striked out; the gpg2 package on 12.04 is still vulnerable). To manage notifications about this bug go to: https://bugs.launchpad.net/gnupg/+bug/1409117/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
