On Wed, Nov 04, 2020 at 16:30:19 -0500, Eli Schwartz wrote:
> Currently pacman assumes gpgme from >= the year 2010, is that sufficient
> to read ed25519? (idk, it's shelling out to gpg and thus likely doesn't
> care?) Maybe we should bump this anyway in the expectation that requiring
> a ~2015 version of gpgme will naturally lead to gpg versions that support
> generating such keys.


This change only affects new installations; existing ones will continue
using their rsa2048 (or recently rsa4096) master keys until they re-run
pacman-key --init.


> > This will also become the default in the next version of GnuPG.
> 
> I see such a commit on GnuPG's master branch but not on the stable
> branch. When do you expect this to be released...


Good question, I don't know.  The point is that the trend is clearly
towards EdDSA rather than larger RSA.  And GnuPG (as well as openssh
etc.) need to be conservative, as they must be interoperable with other
or older implementations; pacman doesn't even have that limitation.


        Geert


