Tim Connors via luv-main <luv-main@luv.asn.au> writes:
On Mon, 11 Apr 2016, Trent W. Buck via luv-main wrote:
Russell Coker via luv-main <luv-main@luv.asn.au> writes:
On Fri, 8 Apr 2016 01:41:40 PM Trent W. Buck via luv-main wrote:
Why does everyone still use gnupg 1.x ?
'cause that's what's in Debian?
Both are, since forever.
dput depends on gnupg. torbrowser-launcher depends on gnupg. python-gnupginterface depends on gnupg (>= 1.2.1).
If you have gnupg and gnupg2 installed then the gpg command defaults to version 1.x. You can't uninstall gnupg if you are a DD, if you use Tor, or if that python library is something you need.
These were in my mind as "everyone" when I asked.
Want to file an RC (security?) bug to them?
AFAIK gnupg1 is still maintained by the gnupg people. I'm just going on the assumptions that: * "stable" sounds a lot better than "classic"; and * EC is cool now. Oh, also I guess that split-out libgcrypt in 2.x is used in other stuff, like xwayland and ntfs-3g and wireshark... IIRC the main argument *AGAINST* 2.x for apt, is that you can't install gnupg2 without also installing gnupg-agent. And nobody wants that on all their routers and phones. I hoped https://www.gnupg.org/faq/gnupg-faq.html would have a section like "Why Should I Use Stable (not Classic)?", but I can't find it.