Mailing List Archive: Only GnuPG 2.2.x in Debian Bookworm?

Only GnuPG 2.2.x in Debian Bookworm?

Dec 10, 2022, 1:21 PM

Post #1 of 6 (391 views)

Hello!
Debians next release Bookworm is scheduled for mid 2023 an the first deadlines are approaching in January.
I am only a user, but I wonder why they stick to the 2.2-series and do not jump to the 2.3-builds as they have many new algorithms and should be quiet stable after all the Point-releases. But even sid is still at 2.2 so there is no sign of an update.
If Debian Bookworm releases with 2.2.x users will not be able to use the new AE- and EC-algorithms unless 2.3.x will appear in backports.
Any ideas?
Karel

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Only GnuPG 2.2.x in Debian Bookworm? [ In reply to ]

kloecker at kde

Dec 11, 2022, 4:19 AM

Post #2 of 6 (389 views)

Permalink

On Samstag, 10. Dezember 2022 22:21:51 CET Karel van Gruiten via Gnupg-users
wrote:
> Debians next release Bookworm is scheduled for mid 2023 an the first
> deadlines are approaching in January. I am only a user, but I wonder why
> they stick to the 2.2-series and do not jump to the 2.3-builds as they have
> many new algorithms and should be quiet stable after all the
> Point-releases. But even sid is still at 2.2 so there is no sign of an
> update.

The Debians may be waiting for the 2.4 release (which was announced as the
next stable release after 2.2).

> If Debian Bookworm releases with 2.2.x users will not be able to
> use the new AE- and EC-algorithms unless 2.3.x will appear in backports.

This information is wrong. Support for most algorithms has been backported to
2.2. Almost all people who reported incompatibilities between 2.3 and 2.2 were
using outdated 2.2.x releases.

Regards,
Ingo

Re: Only GnuPG 2.2.x in Debian Bookworm? [ In reply to ]

bernhard at intevation

Dec 12, 2022, 3:53 AM

Post #3 of 6 (386 views)

Permalink

Am Sonntag 11 Dezember 2022 13:19:11 schrieb Ingo Klöcker:
> The Debians may be waiting for the 2.4 release (which was announced as the
> next stable release after 2.2).

Unlikely, it seems more like the maintainers were less active.

2.3 is on the wishlist (since October), you may want to follow
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022702

And Daniel Kahn Gillmor (DKG, the maintainer) got more active since
April this year, and added 2.2.40 (and previously .35, .39).
See
https://tracker.debian.org/pkg/gnupg2

(Thanks Daniel!)

(DKG does not appear in the changelog for about 14 months,
maybe this break of him is reponsible for a slight delay in current versions
for bookworm, you possibly can see more if you look at the archives of the
maintainer's mailing list or other public information of Debian.)

Regards
Bernhard

--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter

Re: Only GnuPG 2.2.x in Debian Bookworm? [ In reply to ]

gnupg-users at gnupg

Dec 13, 2022, 7:36 AM

Post #4 of 6 (385 views)

Permalink

On Sat, 10 Dec 2022 22:21, Karel van Gruiten said:

> I am only a user, but I wonder why they stick to the 2.2-series and do

Probably because there is an interest conflict between the GnuPG
maintainers in Debian and those who want to turn OpenPGP into something
very different (i.e. new IETF OpenPGP WG participants / Sequoia venture
capitalists).

SCNR,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

Re: Only GnuPG 2.2.x in Debian Bookworm? [ In reply to ]

bernhard at intevation

Dec 15, 2022, 12:17 AM

Post #5 of 6 (380 views)

Permalink

Werner,

Am Dienstag 13 Dezember 2022 16:36:24 schrieb Werner Koch via Gnupg-users:
> On Sat, 10 Dec 2022 22:21, Karel van Gruiten said:
> > I am only a user, but I wonder why they stick to the 2.2-series and do
>
> Probably because there is an interest conflict between the GnuPG
> maintainers in Debian and those who want to turn OpenPGP into something
> very different (i.e. new IETF OpenPGP WG participants / Sequoia venture
> capitalists).
> SCNR

can you be more specific?
Speculations and rumors do not help much, even if they are meant to be funny
(where they?)

Which IETF OpenPGP working group members are you referring to?
What of their actions will be a problem for OpenPG from our point of view?
Who are the "Sequoia venture capitalists" and what are their interests?

Regards
Bernhard

--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter

Re: Only GnuPG 2.2.x in Debian Bookworm? [ In reply to ]

gnupg-users at gnupg

Dec 16, 2022, 9:45 AM

Post #6 of 6 (375 views)

Permalink

On Thu, 15 Dec 2022 09:17, Bernhard Reiter said:

> Which IETF OpenPGP working group members are you referring to?

That should be obvious with just a little research.

> What of their actions will be a problem for OpenPG from our point of view?

Instead of finalizing the draft started in 2015, they took the last year
to replace large parts of the specs while ignoring all deployed code by
the two major implementations (namely GnuPG and RNP which are based on
the WG group mailing list agreed drafts from 2017/2018).

The problem is called "Design by committee" and the inevitable
split/profiling of standards.

GnuPG won't follow the likely outcome of the IETF OpenPGP WG because we
value our users and feel a responsibility to keep a deployed and
sensible moving ecosystem alive and working.

> Who are the "Sequoia venture capitalists" and what are their interests?

A pun on the name of one implemetation and the(ir) VC sphere.

Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

Mailing List Archive

Attached Files:

Attached Files:

Attached Files:

Attached Files:

Attached Files: