[Gpg4win-devel] Windows Installer, rebuild necessary because of NSIS improvement?

Bernhard Reiter bernhard at intevation.de
Fri Dec 4 09:52:23 CET 2015


Hi Paul, Andrej,

sending this email to you, because you were in contact
with us about Claws and Gpg4win this year before.

You have probably seen our security advisory about a weakness in the installer
we are using:  https://www.gpg4win.de/news-20151125.html
Because your installer for Windows is based on ours 
I guess you should consider the info in the advisory
and do a rebuild with the patches if you have not done so.

Note that we will also change our install instructions to advise users 
to use a fresh directory or a full Administrator account to install Gpg4win
to avoid these problems on a more principal level.

Best Regards,
Bernhard
ps.: Do you have reports about Claws working fine with our latest Gpg4win 
2.3.0? Would be interesting for us. :)
pps.: I'm sending a copy to your users list, though I am not subscribed, I 
briefly checked our tracker and the list for signs of this already being 
mentioned before my email.



-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20151204/04ca5041/attachment.sig>


More information about the Gpg4win-devel mailing list