Re: PGP/GnuPG unsecure, should be replaced?

To: debian-security@lists.debian.org
Subject: Re: PGP/GnuPG unsecure, should be replaced?
From: Pieter le Roux <pgp@myleroux.net>
Date: Thu, 25 Jul 2019 18:31:34 +1200
Message-id: <[🔎] 5e56f5a5-7ebf-800c-a483-c6384e0b046e@myleroux.net>
In-reply-to: <[🔎] 20190719T132902.GA.b9b61.stse@fsing.rootsland.net>
References: <[🔎] 20190719T132902.GA.b9b61.stse@fsing.rootsland.net>

Good idea! Change something because it works!
Any change we can make it part of systemd?

My emoticon for being sarcastic:
OO|OO

On 19/07/19 11:34 PM, Stephan Seitz wrote:
> Hi!
>
> I found the following article about PGP/GnuPG:
> https://latacora.singles/2019/07/16/the-pgp-problem.html
>
> In short you should drop GnuPG because it doesn’t do anything really
> the right way. It should be replaced with different tools for
> different situations.
>
> Debian is using GnuPG for signing files. From the article:
>
> Signing Packages
>
> Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
> OpenBSD uses to sign packages. It’s extremely simple and uses modern
> signing. Minisign, from Frank Denis, the libsodium guy, brings the
> same design to Windows and macOS; it has bindings for Go, Rust,
> Python, Javascript, and .NET; it’s even compatible with Signify.
>
> What do you think?
>
> Shade and sweet water!
>
>     Stephan
>

Reply to:

Follow-Ups:
- Re: PGP/GnuPG unsecure, should be replaced?
  - From: Volker Birk <vb@pep-project.org>

References:
- PGP/GnuPG unsecure, should be replaced?
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>

Prev by Date: Contact me for details
Next by Date: Re: PGP/GnuPG unsecure, should be replaced?
Previous by thread: Re: PGP/GnuPG unsecure, should be replaced?
Next by thread: Re: PGP/GnuPG unsecure, should be replaced?
Index(es):
- Date
- Thread