On Thu, Jan 09, 2025 at 07:55:36AM +0100, Stephan Verbücheln wrote: > GnuPG 2.4 was released in 2022, long before the LibrePGP schism. It is > generally not clear to me how the divergence from upstream is a reason > to favor 2.2 over 2.4, except that patches have to be ported (once?). > > I also do not understand what is wrong/lacking with the already patched > versions in Experimental and Ubuntu. > > https://packages.debian.org/experimental/gnupg > > https://packages.ubuntu.com/noble/gnupg > https://packages.ubuntu.com/oracular/gnupg
This is being tracked in https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2090995 and you can see we picked more patches in plucky to align with the broader ecosystem to revert the dangerous changes in default generation of rfc4880bis keys. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
signature.asc
Description: PGP signature
