BlogFlockcritical security bug" in recent GnuPG releases.
A crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack buffer overflow in gpg-agent during the PKDECRYPT--kem=CMS handling. This can easily be used for a DoS but,…
While it was clear to the GNU Toolchain leadership that requirements were coming to improve the toolchain cyber-security posture, these requirements…
What is the opposite of criticism?
On a lead from a friend, I followed a thread from this patent to its author, Brian Dear (another friend), then to his about page, his old blog, his BlueSky tweetings, his bandcamp page, his lettrboxd page, then to…
Preach!
Because you haven't yet heard everything about Fernando Mendoza and the Indiana Hoosiers, I give you Mason Whitlock's take.
Snow 'nuf
My watch told me it was minus-1° when I woke up this morning, just like it was a year ago today. There's 14.5" of snow on the…
The GNU Privacy Guard (GPG) project decided to break from the OpenPGP standard for email encryption in 2023, and instead adopted its own homegrown LibrePGP specification. The GPG 2.4 branch, the last one to adhere to OpenPGP, will be reaching the end of life in mid-2026. The Fedora project is…
Curl creator Daniel Stenberg has written a blog post explaining why the project is ending its bug-bounty program, which started in April 2019:
The never-ending slop submissions take a serious mental toll to manage and sometimes also a long time to debunk. Time and energy that is completely wasted while…