gpgme "Locate engine names only at runtime and prefer GnuPG-2" commit break Android

[Werner Koch]

On Thu, 20 Feb 2014 15:40, dkg at fifthhorseman.net said:

> is including the current directory (.) in this path a good idea?  This
> implies that in the absence of $PATH, the behavior of gpgme will be
> different depending on the directory from which it is invoked.

Actually I thought about this but finally decided that the default Unix
behaviour is the best thing one can do in this case.

> I could imagine this causing problems or opening vulnerabilities when
> gpgme is used (for example) to process user-supplied files from a given
> directory.

It is not different than using gpg directly.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.