[pkg-gnupg-maint] gnupg2-revert-rfc4880bis.patch
NIIBE Yutaka
gniibe at fsij.org
Mon Feb 19 00:30:36 GMT 2024
Andreas Metzler <ametzler at bebt.de> wrote:
> https://src.fedoraproject.org/rpms/gnupg2/blob/rawhide/f/gnupg2-revert-rfc4880bis.patch
>
> What do you think about including this in Debian's 2.4 experimental
> packages?
I'm not sure about the intention of the patch. The option --rfc4880bis
was deprecated by the commit of 4583f4fe2e on 2022-10-31. And the patch
in question reverts the changes. The patch *enables* the use of option
--rfc4880bis again.
If the intention of the patch were stopping use of the specification
RFC4880bis as default, I don't think this reverting is not good (and
incomplete). For me, the reverting is only makes sense when the use of
the option --rfc4880bis itself is important, instead.
IIUC, in 2.4.4, possible interoperability issues (of default) are:
(1) Newly generated key will have preference of "A2" (of AEAD of
RFC4880bis) (line 135 in the particular reverting patch).
(2) gpg command doesn't require --rfc4880bis option to generate
v5 key of RFC4880bis (but only /v5 specifier).
I think (2) wouldn't harm. If the interoperability issue is (1),
another approach is better, I suppose.
My specific concerns are three parts:
* the lines 59 to 76 in the reverting patch.
* the line 84 in the reverting patch.
* the line 92 in the reverting patch.
Are those are really intended?
In my opinion, let us identify the interoperability issues in 2.4.4.
--
More information about the pkg-gnupg-maint
mailing list