* Brian M. Carlson wrote: > The version in sarge[0] is vulnerable to a bug about data loss > because of data encrypted to the wrong key (299814) and a security > bug about using gnupg as an oracle in automated environments > (300859). The latter bug affects sid too. Looks like James is no longer interested in maintaining gnupg. He doesn't respond to bugreports, and he also didn't respond to mails from the release managers where they asked him if a newer version of gnupg should get pushed into sarge. So, how to proceed? > I really don't care what suggestion you take, or even if you ignore > me completely, but I think it would be good if the bugs got fixed, > especially since gnupg is a rather important package and this will > get us two bugs closer to release. 1.2.5-3 is not what we want to have in our next release. Norbert
Attachment:
signature.asc
Description: Digital signature