[pkg-gnupg-maint] Bug#982258: Bug#982258: gpgv1: Consider removing parts of the tools which aren't recommended to be used
Russ Allbery
eagle at eyrie.org
Tue Feb 23 22:13:55 GMT 2021
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> for (a) and (c), do we have a sample of a usenet control message
The last articles in:
http://ftp.isc.org/usenet/control/rec/rec.ponds.moderated.gz
are generated in essentially the same way Big Eight control messages are
still currently being generated. (I've been trying to find time to switch
over, but haven't yet.)
> and key that are in use today?
http://ftp.isc.org/usenet/news.announce.newgroups/PGP.PUBLICKEY
and more generally nearly all of the keys in:
https://git.eyrie.org/?p=usenet/control-archive.git;a=tree;f=keys;hb=HEAD
Only a few have been converted to modern keys.
> Is there an estimate of how many of those keys are still relied upon?
Among those still actively issuing control messages (a lot of these
hierarchies have stopped), my guess would be around 5-10.
> Here are some features that it sounds to me like we could "safely"
> remove or disable in gpg1, while encouraging users who needed that
> specific functionality to migrate to modern gpg:
> - secret key generation
> - encryption
> - keyserver and other network access (including auto-key-locate?)
> - certification (aka "keysigning")
> - trust models other than direct (and always)?
None of this is used by the Usenet machinery.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
More information about the pkg-gnupg-maint
mailing list