On 15/01/2026 11:19, Nutchanon Wetchasit via Gnupg-users wrote:

> I'm specifically using GPG 1.4 [1] and I have recently instructed someone
> with a vintage system (Windows XP) to install GPG 1.4 because the software
> he uses doesn't work with newer GPG series; so I have some pointers to give.

If that Windows XP machine is connected to the internet, running gnupg on it is pure security theatre. You should assume that it is pwned already, that any secret keys are leaked, and that it's part of at least one botnet.

> Software does not rot like milk and meat do; old software means it's
> time-tested, and timeless software that works through the ages is good software.

Software does not need to rot, because it is already broken. All code of any nontrivial complexity is broken in some way - the only variables are a) how exactly it is broken and b) who finds out first, you or the bad guys. If you don't upgrade your software regularly, the likelihood that an attacker knows a security vulnerability that you have not fixed approaches 1 *very fast*, and anything connected to the internet will be subject to multiple hacking attempts *per minute* by multiple attackers in parallel. Even an airgapped system can't fully protect you if you're copying untrusted files across the gap and using outdated security software to check them.

> In my eyes, the ideal version of software is the version that is good enough
> for me to continue using it for the rest of my life.

I understand your frustration, because many software vendors don't offer bugfix support for older versions and force you through painful UX changes and compatibility breaks just to get security fixes. But it is also unreasonable to ask software vendors to support every old version of their code in perpetuity. You *must* upgrade your software, no matter how painful it is.

> GnuPG: 1.4.12 (Debian)
> System: Debian GNU/Linux 7.0 "Wheezy" i386

You connected a Wheezy machine to the internet as well? Please, *please* upgrade your OS right now. Ten years out-of-date operating systems are *not secure*. Until you're running a fully-patched system, any discussion of cryptography is a waste of your time.

A

