Post · bonfire.cafe

Post

Relax 😎! GPG is not OpenPGP!

Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or any other #chatmail client because

A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg has not implemented that spec)

Please spread the word that #gpg is not #openpgp ... Thanks!

d@nny disc@ mc²

@hipsterelectron@circumstances.run replied · 3 hours ago

@delta @rpgp i am unable to access that link right now as it first claims a cert error and then appears to retry but makes no progress

d@nny disc@ mc²

@hipsterelectron@circumstances.run replied · 3 hours ago

@delta @rpgp great to hear of a good pgp implementation. an identity that can be securely generated with no connection to anyone at all is an incredible power

d@nny disc@ mc²

@hipsterelectron@circumstances.run replied · 3 hours ago

@delta @rpgp i am currently working on a rust zstd impl (i know one exists, i have an extremely strong critique of it. and it's the final format without a good rust impl we would like to see in the zip crate). in january/feb i hope to demonstrate a rewrite of the rustc build system (no cargo) for bootstrap improvements as well as potential perf goals. if i get to such a prototype i might want to then look at a vastly reduced CI artifact generation pipeline which incorporates pgp signing. i also hope rustc bootstrap improvement would be useful to all rust crypto/build infra codebases

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.40 no JS en

Automatic federation enabled