We should talk about Werner Koch's response gpg.fail on the oss-security mailing list.

openwall.com/lists/oss-securit

Yes, and actually the only serious bug from their list.

Koch either didn't watch the talk, is in such defense of his own ego that he can't see how serious the bugs were, or is tacitly admitting that PGP is not a serious recommendation.

Can you distinguish between these three explanations?

Could it be all of them are true?

Impact

While this may allow remote code execution (RCE), it definitively causes memory corruption.

Good research.

I think this sarcastic quip is what reveals Werner Koch's opinion about the security researchers and their work.

The rest of his email is measured (and partly responding to other mailing list participants rather than the disclosure directly).

I think 2026 should be the year that we make PGP irrelevant.

Not just GnuPG (Koch's implementation), but the entire OpenPGP ecosystem.

Most cryptographers I talk to gave up on PGP over a decade ago.

(After seeing the arrogance and dismissiveness that bled through Koch's oss-security email, who can blame them?)

If you're a country whose government mandates the use of PGP, even in obscure places, let's talk about how to replace PGP.

