On Tue, Apr 12, 2016 at 11:33:17AM +1000, Trent W. Buck via luv-main wrote:
Tim Connors via luv-main <luv-main@luv.asn.au> writes:
Want to file an RC (security?) bug to them?
AFAIK gnupg1 is still maintained by the gnupg people.
It is, but most of the dev work is handled by either DKG or David Shaw these days, while Werner concentrates on 2.0 and 2.1.
I'm just going on the assumptions that:
* "stable" sounds a lot better than "classic"; and
But "modern" is more fun! ;)
* EC is cool now.
Also not entirely proven, but hopefully that will come with time.
Oh, also I guess that split-out libgcrypt in 2.x is used in other stuff, like xwayland and ntfs-3g and wireshark...
IIRC the main argument *AGAINST* 2.x for apt, is that you can't install gnupg2 without also installing gnupg-agent. And nobody wants that on all their routers and phones.
Most of the arguments against gpg-agent aren't actually against gpg-agent, they're against pinentry, which is what people see. So there has been work on improving the ncurses and tty interfaces (and an Emacs specific one) to address that. The design of both for 2.0 was a bit crap and the major reason I skipped "Stable" entirely. The design and use for 2.1 is *much* better. For someone like you, Russell or Rick, I *highly* recommend making an /opt/gnupg or something and compiling 2.1 to have a play with it where it won't screw with anything essential just in case to see what I mean.
I hoped https://www.gnupg.org/faq/gnupg-faq.html would have a section like "Why Should I Use Stable (not Classic)?", but I can't find it.
Classic is still good for servers and things where you want something entirely self-contained with no dependencies beyond your compiler. Regards, Ben