anarcat
commented
6 years ago according to this blog post, this project is not vulnerable.
Closed lambdafu closed 6 years ago
anarcat
commented
6 years ago according to this blog post, this project is not vulnerable.
As far as I can tell, this fork of python-gnupg is also vulnerable. However, I couldn't test it, because it didn't work with my version of GnuPG. In any case, this is a heads up. You might consider adding
--no-verboseto the cmdline. See https://neopg.io/blog/gpg-signature-spoof/ and https://groups.google.com/forum/#!topic/python-gnupg/2yAlj_F2S1g