Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them
#What is GPGMe?
GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them.
It answers the question of "who is xxx?"
It allows you to be sure that the identities you communicate with over the internet are the same over time, that the person you talked to yesterday is the same person you talked to today, and in todays world THAT is very important.
GPGMe lets YOU specify the opinions you think matter, and achieve a level of trust in the online community that resembles the true state of things.
#How do I get it?
####Clone the repo (the hard way)
git clone https://github.com/gpgme/gpgme.git
cd gpgme
npm install -g
####Or use NPM (the easy way)
npm install -g gpg-me
#How do I use it?
###Create your own GPG.OWNER.TXT file.
gpgme --create
You then need to fill in the appropriate info and sign it with a GPG Key. Once you have done that, 2 files will be created
###Verify somebody elses GPG.OWNER.TXT
gpg --verify --site <hostname>
This command will download, and verify the sites gpg.owner.txt file. It will then tell you if the file is invalid (has been tampered with, is out of date, etc.) or valid. If you don't have the public key in your keyring (likely) it will be downloaded and imported from gpg.block.txt
#License
MIT - See LICENSE for more details.
FAQs
GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them
We found that gpg-me demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.