Jacob Applebaum’s response to Cryptome is such a weaselly, transparent attempt at spin that I have to post it too:

Date: Tue, 8 Apr 2014 13:38:22 +0000
Subject: disinformation about PGP
From: Jacob Appelbaum
To: John Young

Hi John,

I saw your latest leak about Glenn and Jesselyn using PGP to exchange
emails. I did some digging and I think you’ve come to the wrong
conclusion about everything. Actually, I think you are actively being
played by someone to mess with everyone involved.

The speculation about PGP being broken is probably incorrect. It
appears that Jesselyn sent that email to three different email
addresses and the PGP encrypted message on Cryptome is truncated or
tampered with in some fashion to remove evidence of the third key that
was used. Only two of the three email addresses belonged to Glenn. It
was also encrypted to three keys, Glenn, Jesselyn and to a third key
that is run by an unknown hostile party. The third likely belongs to
your leaker/source. The attacker published a PGP key for that address
to confuse people who are trying to communication with Glenn securely.
This clearly confused Jesselyn or her PGP mail client. I do not
believe that this is evidence of her or Glenn being compromised (other
than the social engineering issue at hand) nor is this evidence of PGP
being broken. Rather, it is a user interface security problem with
iPGMail that is quite common with PGP/GnuPG in general.