`pip3 install python-gnupg` this installs a fork on github with a high version number that hasn't been updated for 3 years. the fork references a missing todo file and some of the functionality has been removed. it is full of unaddressed issues and pull requests. meanwhile the original project on bitbucket has recent updates. not sure if it's on pip or not.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 12, 2021 8:08 PM, Karl <gmkarl@gmail.com> wrote:
`pip3 install python-gnupg` this installs a fork on github with a high version number that hasn't been updated for 3 years.
this fork has a fix for a severe vulnerability related to subprocess execution. (e.g. original sources vulnerable to arbitrary code execution.)
i prefer this fork, which also includes the subprocess fixes:
git clone https://github.com/isislovecruft/python-gnupg.git
cd python-gnupg
make install
make test
note that an alternative approach is to use the GPGME library, ala pygpgme: https://bazaar.launchpad.net/~jamesh/pygpgme/trunk/files
best regards,
i'm trying to reply to this email and i keep closing the window while trying. the fork you referenced is the one i was concerned about that hasn't been updated for 3 years. i was wrong about the todo file. we're clearly still trying to make people think that slavers and human traffickers are altering our communications, since we aren't signing our emails and aren't explaining why.
On 1/12/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 12, 2021 8:08 PM, Karl <gmkarl@gmail.com> wrote:
`pip3 install python-gnupg` this installs a fork on github with a high version number that hasn't been updated for 3 years.
this fork has a fix for a severe vulnerability related to subprocess execution. (e.g. original sources vulnerable to arbitrary code execution.)
i prefer this fork, which also includes the subprocess fixes:
git clone https://github.com/isislovecruft/python-gnupg.git
cd python-gnupg
make install
make test
note that an alternative approach is to use the GPGME library, ala pygpgme: https://bazaar.launchpad.net/~jamesh/pygpgme/trunk/files
best regards,
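One way to settle which distribution actually provides the `gnupg` module after an install like the one discussed in this thread, and which hosts its metadata points at. This is an added example, not code from either poster or from either project; the helper names, the module name `gnupg` as a default, and the sample metadata are assumptions constructed for illustration.

```python
from email.parser import Parser
from importlib import metadata
from urllib.parse import urlparse


def upstream_hosts(metadata_text):
    """Return the sorted host names found in Home-page / Project-URL headers."""
    msg = Parser().parsestr(metadata_text)
    urls = msg.get_all("Home-page", [])
    # Project-URL values look like "Label, https://example.org/path"
    urls += [v.split(",", 1)[-1] for v in msg.get_all("Project-URL", [])]
    hosts = {urlparse(u.strip()).hostname for u in urls}
    return sorted(h for h in hosts if h)


def providers_of(module="gnupg"):
    """List (name, version, hosts) for each installed distribution shipping `module`."""
    found = []
    for dist in metadata.distributions():
        top = (dist.read_text("top_level.txt") or "").split()
        files = [str(f) for f in (dist.files or [])]
        ships = module in top or any(
            f == f"{module}.py" or f.startswith(f"{module}/") for f in files)
        if ships:
            text = dist.read_text("METADATA") or dist.read_text("PKG-INFO") or ""
            found.append((dist.metadata["Name"], dist.version, upstream_hosts(text)))
    return found


# Constructed sample metadata (not taken from any real release).
SAMPLE = """\
Metadata-Version: 2.1
Name: example-gnupg-wrapper
Version: 9.9.9
Home-page: https://github.com/example/example-gnupg-wrapper
Project-URL: Source, https://bitbucket.org/example/upstream

summary body
"""

if __name__ == "__main__":
    print("sample hosts:", upstream_hosts(SAMPLE))
    # More than one row here means two distributions are competing for the
    # same import name, which is the ambiguity raised in the thread.
    for name, version, hosts in providers_of("gnupg"):
        print(f"{name} {version} -> upstream hosts: {hosts}")
```

The declared hosts are self-reported by the package author, so they identify which project a distribution claims to come from, not whether that claim is true.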