EdDSA Verification Bug - Clarification on Format 2 Verification Failure
Sam James
sam at gentoo.org
Thu Jan 15 04:59:18 CET 2026
Zachary Fogg <zach.fogg at gmail.com> writes:
> i've never found a security bug before and am new to the field, just tinkering with my own code only. i just happened to
> be coding on my project and found the bug and thought i'd tell the developers. i didn't think to check for a security
> policy, i just wanted to confirm it's a bug and get it fixed so my project will work. i'll submit a bug through the
> security policy, thanks.
I don't think there's a point in doing it now. I was more curious as to
why you didn't, because you called it a security bug in
https://github.com/zfogg/ascii-chat/issues/92.
You've already made the developers aware (and it's public), so if it is
a security issue, there is no benefit to reporting it that way now. I
was just noting it for future.
>
> On Wed, Jan 14, 2026 at 5:42 PM Sam James <sam at gentoo.org> wrote:
>
> Zachary Fogg via Gcrypt-devel <gcrypt-devel at gnupg.org> writes:
>
> > **In-Reply-To:** <response from NIIBE Yutaka on Oct 22, 2025>
> >
> > Hi NIIBE Yutaka,
> >
> > Thank you for your response on October 22! I apologize for the delay - I am new to the list and didn't receive your
> email
> > until I checked the web archives today.
>
> Out of interest..
>
> GnuPG's security policy is at
> https://gnupg.org/documentation/security.html. Is there a reason you
> don't seem to have followed that?
>
> > [...]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 418 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20260115/12db2607/attachment.sig>
More information about the Gcrypt-devel
mailing list