https://gpg.fail
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 30 18:05:41 CET 2025
A friend pointed me to the site https://gpg.fail and asked me what I
thought of it. At first I didn't think much of it, but on closer
inspection it seems there may be some legitimate issues in need of
addressing.
See, e.g., https://gpg.fail/detached . I've been able to verify the
bottom line claim here, although I haven't verified their diagnosis.
Others, such as https://gpg.fail/noverify, do not seem to be of
particular concern. (Point blank: if in 2025 you're using GnuPG at the
command line for anything except certificate management, please stop.
Parsing GnuPG's command line output is notoriously difficult. Use GPGME
with language bindings of your choice.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251230/f315386f/attachment.sig>
More information about the Gnupg-users
mailing list