[OT] Fwd: PGP/GnuPG unsecure, should be replaced?
For the information of anyone who is interested.
-------- Forwarded message --------
Subject: PGP/GnuPG unsecure, should be replaced?
Resent-Date: Fri, 19 Jul 2019 11:42:34 +0000 (UTC)
Resent-From: debian-security@lists.debian.org
Date: Fri, 19 Jul 2019 13:34:47 +0200
From: Stephan Seitz <stse+debian@fsing.rootsland.net>
Organization: Minas Tirith, Gondor
To: debian-security@lists.debian.org
Hi!
I found the following article about PGP/GnuPG:
https://latacora.singles/2019/07/16/the-pgp-problem.html
In short you should drop GnuPG because it doesn’t do anything really the
right way. It should be replaced with different tools for different
situations.
Debian is using GnuPG for signing files. From the article:
Signing Packages
Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
OpenBSD uses to sign packages. It’s extremely simple and uses modern
signing. Minisign, from Frank Denis, the libsodium guy, brings the same
design to Windows and macOS; it has bindings for Go, Rust, Python,
Javascript, and .NET; it’s even compatible with Signify.
What do you think?
Shade and sweet water!
Stephan
--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
--
To err is human, but it is more human to blame others