Closed lambdafu closed 6 years ago
As far as I can tell, this fork of python-gnupg is also vulnerable. However, I couldn't test it, because it didn't work with my version of GnuPG. In any case, this is a heads up. You might consider adding --no-verbose to the cmdline. See https://neopg.io/blog/gpg-signature-spoof/ and https://groups.google.com/forum/#!topic/python-gnupg/2yAlj_F2S1g
--no-verbose
according to this blog post, this project is not vulnerable.
As far as I can tell, this fork of python-gnupg is also vulnerable. However, I couldn't test it, because it didn't work with my version of GnuPG. In any case, this is a heads up. You might consider adding
--no-verbose
to the cmdline. See https://neopg.io/blog/gpg-signature-spoof/ and https://groups.google.com/forum/#!topic/python-gnupg/2yAlj_F2S1g