[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[OT] Fwd: PGP/GnuPG unsecure, should be replaced?

Para la información de quienes tengan interés.

-------- Mensaje reenviado --------
Asunto: PGP/GnuPG unsecure, should be replaced?
Resent-Date: Fri, 19 Jul 2019 11:42:34 +0000 (UTC)
Resent-From: debian-security@lists.debian.org
Fecha: Fri, 19 Jul 2019 13:34:47 +0200
De: Stephan Seitz <stse+debian@fsing.rootsland.net>
Organización: Minas Tirith, Gondor
Para: debian-security@lists.debian.org


I found the following article about PGP/GnuPG:

In short you should drop GnuPG because it doesn’t do anything really the right way. It should be replaced with different tools for different situations.

Debian is using GnuPG for signing files. From the article:

Signing Packages

Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
OpenBSD uses to sign packages. It’s extremely simple and uses modern signing. Minisign, from Frank Denis, the libsodium guy, brings the same design to Windows and macOS; it has bindings for Go, Rust, Python, Javascript, and .NET; it’s even compatible with Signify.

What do you think?

Shade and sweet water!


| Public Keys: http://fsing.rootsland.net/~stse/keys.html |

Errar es de humanos, pero es mas humano culpar a los demás

Reply to: