[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Reaction to potential PGP schism

Hello everyone

As you probably know, Debian relies heavily on GnuPG for various
purposes, including:
- developer communication
- signing of tarballs and patches
- automated processes such as update validation by APT

The OpenPGP Working Group at IETF is currently working on a new


Due to different opinions, some people (including notably the GnuPG
team) have quit the IETF Working Group and proposed their own LibrePGP


Notably remaining in the IETF Working Group are people from Proton Mail
(maintaining OpenPGP.JS) and Sequoia PGP (free implementation in Rust).

The disagreements are about details such as algorithms and file formats
which make both standards incompatible.

How can Debian deal with this? Should Debian intervene to prevent the


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: