1. 18 Jun, 2018 3 commits
    • anarcat's avatar
    • anarcat's avatar
      prepare 2.2.4 · 4601c1c2
      anarcat authored
    • anarcat's avatar
      CVE-2018-12020: add no verbose to avoid fake signatures · c917fa80
      anarcat authored
      The SigSpoof vulnerability found in GnuPG also affects Monkeysign, but
      in a lesser way. We check signatures only in one place: when we import
      images. This is a corner use case that is probably quite uncommon and
      since it requires access to the file in itself, it's likely there are
      already other ways to import arbitrary signatures into monkeysign.
      Still, we play it safe and disable the "verbose" mode that can
      possibly be enabled in `gnupg.conf` as recommended by the reporter,
      Marcus Brinkmann.
  2. 21 Apr, 2018 1 commit
  3. 20 Nov, 2017 1 commit
  4. 24 Jan, 2017 6 commits
  5. 15 Jan, 2017 1 commit
  6. 13 Jan, 2017 1 commit
  7. 07 Jan, 2017 1 commit
  8. 15 Dec, 2016 2 commits
  9. 21 Nov, 2016 1 commit
  10. 31 Oct, 2016 4 commits
  11. 28 Oct, 2016 1 commit
    • simonft's avatar
      Merge branch 'codes' into '2.x' · 93f9ab53
      simonft authored
      code of conduct, patches guidelines and glossary
      a few changes to the contributing documentation to adopt the code of conduct (#54), clarify patches guidelines and refer to the modernPGP website.
      See merge request !18
  12. 27 Oct, 2016 1 commit
  13. 26 Oct, 2016 3 commits
    • anarcat's avatar
      refer to modernPGP manuals · 06ae37eb
      anarcat authored
      instead of rewriting our own, try to diverge this effort to a standard, even though that is far from complete
    • anarcat's avatar
      patches merging guidelines · f66dcd89
      anarcat authored
      we try to tell people what is a good patch, and also try to enforce reviews
      this is part of the C4 RFC, which was found to be too complex to use directly
    • anarcat's avatar
      adopt covenant code of conduct · 9df8a338
      anarcat authored
      there was no objections to the code on the mailing list or the issue
      tracker. i wish there was more feedback, but i prefer to commit to
      this than wait longer for responses that may never come.
      we also add the email addresses of two volunteers that stepped forward
      for enforcement.
      Closes: #54
  14. 19 Oct, 2016 6 commits
  15. 18 Oct, 2016 8 commits