I think that with the gnupg developer having left the development of the OpenPGP standard, and Debian switching to sequoia, there will be a graceful shift away from gnupg and towards the newer versions of OpenPGP that deprecate a lot of the convoluted and insecure parts that old versions of gnupg/openpgp were rightfully criticized for.
fos...@posteo.de transcribed 0.5K bytes on 10-Aug-2025 14:35:
> Hello Debian Security Team,
>
> Since Debian is a major Linux distribution I want to ask why
> software developers continue to digitally sign their code and
> software packages with GNUPG when there are simpler alternatives
> such as minisign (https://jedisct1.github.io/minisign/), signify, or age
> (https://github.com/FiloSottile/age).
>
> PGP has been criticized for its being difficult to use by other
> cryptographers:
>
> https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
>
> I thank all responses in advance!
>
> Best,
>
> Tanveer Salim