Hello everyone,

As you probably know, Debian relies heavily on GnuPG for various purposes, including:

- developer communication
- signing of tarballs and patches
- automated processes such as update validation by APT

The OpenPGP Working Group at IETF is currently working on a new standard.
https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/

Due to different opinions, some people (including notably the GnuPG team) have quit the IETF Working Group and proposed their own LibrePGP standard.
https://librepgp.org/

Notably remaining in the IETF Working Group are people from Proton Mail (maintaining OpenPGP.JS) and Sequoia PGP (free implementation in Rust).

The disagreements are about details such as algorithms and file formats which make both standards incompatible.

How can Debian deal with this? Should Debian intervene to prevent the worst?

Regards
Stephan