Comment 2 for bug 1432516

Johannes Meixner (jsmeix) wrote :

After 2 more weeks (so that it is now 11 weeks)
without any response from HPLIP upstream
I still hope HPLIP upstream might finally get
a tiny bit of interest in solving their security issues.

From our (SUSE) security experts I got the following
suggested patch against the latest HPLIP 3.15.6:
==============================================================
--- hplip-3.15.6/base/validation.py
+++ hplip-3.15.6/base/validation.py
@@ -42,7 +42,7 @@ class DigiSign_Verification(object):

 class GPG_Verification(DigiSign_Verification):
- def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9):
+ def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9):
         self.__pgp_site = pgp_site
         self.__key = key
         self.__gpg = utils.which('gpg',True)
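Review bot: Widening `key` from the 32-bit short ID `0xA59047B9` to the 64-bit long ID `0x73D770CDA59047B9` narrows the collision space but still does not pin the signing key: the verifier continues to fetch whatever key matches that ID from `pgp_site = 'pgp.mit.edu'`, so the trust anchor remains an identifier looked up over the network rather than the key itself. Consider pinning the full fingerprint (and comparing the fetched key's fingerprint against it after import) or shipping the public key with HPLIP, as the comment itself notes would be the complete fix; if the long ID is kept as an interim measure, the lookup should at least fail closed when the imported key's fingerprint does not end in the expected ID. A short comment on the `__init__` line stating why the long form is required would also help prevent a future change from reverting to a short ID.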
==============================================================
This should address this particular vulnerability (only).
Basically, use 0xlong key ID, short of shipping the key
or full fingerprint.