Hello, I am now aware there has been a split between the GNUPG and Sequoia-PGP developers.
I read Andre's post here: https://www.gnupg.org/blog/20250117-aheinecke-on-sequoia.html

When I discussed the Sequoia-PGP developers' motivations for what they did, they said it was for technical reasons, which are described here, as explained by Neal in an email he sent me: https://archive.fosdem.org/2024/schedule/event/fosdem-2024-3297-sequoia-pgp-rethinking-openpgp-tooling/

Apparently they wanted GNUPG to be more secure, robust, and usable in a way the GNUPG developers did not agree with. It seems there is a disagreement between GNUPG and Sequoia-PGP about the security of GNUPG. GNUPG claims making the changes the Sequoia-PGP developers wanted would risk people's safety in using it--especially the crypto-refresh.

Despite GNUPG's disagreements, Phil Zimmermann, Micheal Rysiek-Wozniak (former GNUPG endorser), and Debian now are using Sequoia-PGP. Why would these people side with Sequoia-PGP despite the GNUPG team's reservations?

What I am confused about is whether I can trust my privacy with the Sequoia Developers. Whether we like it or not, Sequoia-PGP is used by Debian, SecureDrop, and even journalists such as Rysiek. These people/organizations do have a major influence in how security and privacy are practiced by important people such as software developers (Debian) and journalists/whistleblowers (Rysiek).

What do the GNUPG developers think of this change in direction in the community?

I still use GNUPG to protect my privacy when communicating to my friends and family. I have no plans to change that, but I cannot help but wonder how this shift to Sequoia-PGP will affect my ability to keep using PGP.

I thank the GNUPG developers in advance for any responses.

Best,
Tanveer Salim
