On 07/04/2018 10:42 AM, Michał Górny wrote: > 1. I suppose the ECC/cv25519 packets won't change in incompatible manner > at this point.
It being implemented in gnupg-2-2 is a good indication it won't be allowed to change at this point > > 2. Hardware incompatibility issues are not really relevant to us but to > the person using the key. It is relevant to us to the extent of discussion for hardware token for devs > > 3. Developer keys are mostly for internal use, while the majority of > users verify only the infra signatures, so I don't think we have to be > that concerned about interoperability of the algos, provided that it > works for infra purposes. This depends on the discussion of rsync vs git, if you expect end-users to verify git commits from developers directly you require them to use the 2.2 branch, whereby some server users prefer 1.4 for its smaller footprint etc. If we conclude that the git repo is internal and not to be exposed to end-users per se, but distribution happens in curated git or rsync I agree it is not an issue. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
