[pkg-gnupg-maint] gnupg2-revert-rfc4880bis.patch

Alexander Kjäll alexander.kjall at gmail.com
Thu Feb 29 11:11:01 GMT 2024


> GnuPG 2.2 is reaching its end of life at the end of the year, and APT
> will soon rely on GnuPG 2.4 + git patches to keep its users safe from
> bad decisions, so I'd really like to see 2.4 in unstable and testing
> ASAP as otherwise APT won't be able to deny 1024-bit RSA signatures.
>
> That 1024R deprecation is the reason I picked up 2.4 for Ubuntu 24.04,
> as I could not easily backport the patch to 2.2.

Sorry in advance if this is seen as a bit off-topic, but Holger and I
recently got the sequoia-chameleon-gnupg (
https://packages.debian.org/trixie/sequoia-chameleon-gnupg ) packaged
for Debian and it's designed to be able to be a drop-in replacement
for most of gpg's common use cases.

Depending on the gpg-sq or gpgv-sq binary might be a possible solution
for getting good crypto policies in place, for RSA key lengths, but
also for SHA1 deprecation and future crypto development.

The sequoia solution is very configurable in this regard:
https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/

Best regards
Alexander Kjäll


