On Mon, 2026-01-05 at 21:36 +0100, Clemens Lang wrote: > Hi, > > > On 2. Jan 2026, at 17:40, Rénich Bon Ćirić <[email protected]> wrote: > > > > I think it's important to take this into account: > > > > https://gnupg.org/blog/20250117-aheinecke-on-sequoia.html > > Quoting: "GnuPG and OpenPGP are extremely mature and basically "done.”” > > https://gpg.fail/ doesn’t look like it’s very “done” to me. > > > Sequoia is a major improvement to the usability of OpenPGP — if you’ve ever > tried to change something about your key (e.g., the expiration date, a user > ID, algorithm preferences, or any other property) you know the user > experience is hard to understand for experts and a nightmare for novice > users. The blog post calls this "inventing new problems and features to > justify competition”, I don’t agree. > > > Sequoia is also written in a memory-safe language, outright avoiding some of > the problems that were reported at gpg.fail. Granted, not all of them. Still, > out of 14 problems, I think Sequoia is affected by 1 or 2? > > > Furthermore, sequoia can be used as a library embedded in other software. For > GnuPG, there was only gpgme, which forked and executed the gpg command line > tool. > > > I guess my point here is: Please read both sides of the schism between IETF > OpenPGP and LibrePGP before choosing sides.
Let me add that this is not a schism between two projects, that is a false representation. As far as I know there is a single entity that support LibrePGP, and there are several people (and implementations) behind OpenPGP. Choosing the OpenPGP is currently the logical choice as it represents a larger and healthier ecosystem, and specifically the sequoia implementation represent a safer implementation under many povs, including security. I wish the situation was not as tense, but it is what it is, we've seen crusades before in the OPen Source ecosystem, this is just one more and will eventually subsides and settle. Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
