Re: GnuPG 2.4 before Trixie freeze
On 2025-01-10 Frank Guthausen <fg.debian@shimps.de> wrote:
[...]
> I reconstructed the following timeline:
> Debian bullseye hard freeze[1]: 2021-03-12
> According to Upstream[2], GnuPG 2.4 birth: 2021-04-07 (maybe as devel)
Definitely -devel
https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html
2.4.0 was released more than 18 months later in December 2022
https://lists.gnupg.org/pipermail/gnupg-announce/2022q4/000477.html
> Debian bullseye full freeze[1]: 2021-07-17
> First package (2.4.0) in experimental[3]: 2022-12-25
> Debian bookworm hard freeze[4]: 2023-03-12
> Debian bookworm full freeze[4]: 2023-05-24
> Ubuntu 24.04 LTS (Noble Numbat) release[5]: 2024-04
> RNP LibrePGP support[6]: 2024-07-22
> OpenPGP RFC 9580 release[7]: 2024-07-31
> > For example, OpenPGP certificates produced by earlier versions of 2.4
> > and imported into Thunderbird advertised non-standardized encryption
> > mechanisms that Thunderbird didn't support, which led to unreadable
> > mails for those users.
> Is this still a problem with GnuPG 2.4.7? Can this be adjusted by
> changing default configuration in the Debian package? Does it need
> a code patch?
Patch. This is about AEAD OCB.
> Thunderbird seems to use the RNP[8] crypto library which supports
> a cooperative workflow with GnuPG via LibrePGP. Are there patches
> to remove this behaviour in Debian?
[...]
I do not know the current status, but afaik thunderbird (not Debian
specific) configures rnp, version 128 release notes said:
| Disabled support for LibrePGP v5 AEAD/OCB decryption
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Reply to: