On Sun, 20 May 2018 02:26:47 -0400 "Robert J. Hansen" <r...@sixdemonbag.org> wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on
> Efail. You may find it worth reading. You may also not. Your
> mileage will probably vary. :)
>
> https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
>

Thank you for the postmortem.

I don't know any users of GnuPG who still have to work with non-MDC OpenPGP messages (frankly, don't know any GnuPG users IRL, but working on it). But it seems to me that GnuPG is so widespread because it was so stable and there were no breaking upgrades, so users didn't expect any breaking change at all.

I, as a user, don't need support for non-MDC messages and surely PGP 2.6, but I can imagine how challenging it can be to upgrade a system which was state-of-the-art years ago, but right now is obsolete. Really it's not an upgrade, but a rebuild from scratch. And some parts of the system are probably proprietary, so cooperation from vendors is required.

And the fact that obsolete features weren't dropped due to user feedback means that GnuPG upstream understands this too. But something has to change, it can't go on like this forever, we do need breaking changes to remove outdated parts. I trust upstream's judgement.