
Re: Reaction to potential PGP schism



Hi,

Personal view here.

Stephan Verbücheln <verbuecheln@posteo.de> wrote on 14/12/2023 at 11:29:17+0100:

> Hello everyone
>
> As you probably know, Debian relies heavily on GnuPG for various
> purposes, including:
> - developer communication
> - signing of tarballs and patches
> - automated processes such as update validation by APT
>
> The OpenPGP Working Group at IETF is currently working on a new
> standard.
>
> https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/
>
> Due to different opinions, some people (including notably the GnuPG
> team) have quit the IETF Working Group and proposed their own LibrePGP
> standard.
>
> https://librepgp.org/
>
> Notably remaining in the IETF Working Group are people from Proton Mail
> (maintaining OpenPGP.JS) and Sequoia PGP (free implementation in Rust).
>
> The disagreements are about details such as algorithms and file formats
> which make both standards incompatible.
>
> How can Debian deal with this?

By doing nothing.

> Should Debian intervene to prevent the worst?

No.

-- 
PEB
