[pkg-gnupg-maint] Bug#1071552: Bug#1071552: gnupg: Please upgrade GnuPG >= 2.4.4, current GnuPG break Emacs's EasyPG
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon May 27 05:19:28 BST 2024
Control: affects 1071552 + emacs-el
Control: retitle 1071552 GnuPG 2.2.42+ breaks emacs' EasyPG
On Tue 2024-05-21 13:05:02 +0900, Youhei SASAKI wrote:
> Package: gnupg
> Version: 2.2.43-6
> Severity: critical
I see that Andreas has reduced the severity of 1071552 from 'critical'
to 'important'. I think that the bugs we're seeing with easypg are
pretty severe. I would personally mark this bug report "serious",
because i think it is unfit to be merged into testing until the package
can work correctly with EasyPG.
> Current GnuPG package, version 2.2.43, breaks Emacs's EasyPG.
> We are no longer able to store encrypted files completely.
>
> Well-known issue: https://github.com/emacs-mirror/emacs/blob/master/etc/PROBLEMS
> --- quote ---
> *** Saving a file encrypted with GnuPG via EasyPG hangs.
>
> This is known to happen with GnuPG v2.4.1. The only known workaround
> is to downgrade to a version of GnuPG older than 2.4.1, or upgrade to
> version 2.4.4 and newer, which reportedly solves the problem. Note
> that GnuPG v2.2.42 and later also has this problem, so you should also
> avoid those later 2.2.4x versions; v2.2.41 is reported to work fine.
> --- quote ---
>
> See also https://dev.gnupg.org/T6481
>
> Please upgrade GnuPG >= 2.4.4 or newer.
I don't think this is a reasonable solution as of how the 2.4.x branch
is designed right now, and the fact that upstream doesn't appear to
intend the 2.4.x series as a long-term support series either. My
understanding is that the upstream 2.4.x packages of GnuPG (which are
visible in experimental today) introduce potentially serious
incompatibilities into the OpenPGP ecosystem, and i don't think it's
reasonable for debian to ship those versions until they are producing
things that are compatible with most other OpenPGP implementations.
Sadly, GnuPG upstream appears to be abandoning the OpenPGP standard, and
despite reasonable attempts to convince them to interoperate, i don't
see that changing.
Would anyone be willing to try to backport the patches from upstream's
fixes for T6481 to the 2.2.x series?
--dkg