On 2018-05-20 18:42, Robert J. Hansen wrote: >> What on earth is the point of maintaining >> support for a *known insecure* version of a security tool? > Because each time GnuPG floats the possibility of ending PGP 2.6 > compatibility, there's enough user outrage -- and not enough user > support -- to roll the decision back. I agree that it's pants-on-head > crazy, but it's a crazy demanded by the community.
And if a new version of the tool A does not an old version of tool/spec B, then users of tool A don't upgrade at all if they - for whatever reason - depend on old/broken B. That is even worse. You can only warn, e.g by using orange bars instead of green one for successful verifications. "Correct Signature, but broken" Also, I'd be impossible to read old messages. Another reasons, why some users then might stop updating. We actually have this with the Enigmail 2.0.4 release which no longer decrypts messages without MDC. I bet the users downgrade Enigmail instead of using the commandline tool as suggested on this list. Getting rid of old standards is not easy unfortunately, especially when we have a lot of possible combinations and a distributed system. Sebastian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
