Should GnuPG 1.4.x be revived?

[David Shaw]

On 07/13/2010 09:54 AM, Karel Klic wrote:

> several users of Emacs and one user of Vim complained in rhbz#574406 [1]
> that they can no longer use their editor to open and edit gpg-encrypted 
> files in Fedora 13.
> 
> The reason is that GnuPG 1.4 was deprecated after Fedora 12 release, and 
> GnuPG 2 was introduced to replace it. However, GnuPG 2 is not entirely 
> compatible with GnuPG 1.4.
> 
> I looked at GnuPG 2 and it seems that it would be very difficult to 
> modify Emacs and Vim to support it. GnuPG 2 does not allow to enter a 
> password using shell -- it needs entire terminal (as it uses ncurses 
> program pinentry-curses).
> Text editors can use only shell to send a password to GnuPG.
> 
> What about reviving GnuPG 1.4? It is maintained, secure, supported, and 
> its integration into text editors is used extensively and works well. It 
> can live alongside GnuPG 2.

No disagreement here in that GnuPG (of whatever version) should work with Emacs and vim.  That should be fixed.  However, as a GnuPG developer, I'd like to suggest another reason for keeping both GnuPG 1.x and 2.x: although there is significant overlap, they're not really aimed at the same problem.   1.x is aimed at servers where its "all in one" construction simplifies things, or in embedded systems or other places where space is tight.  Some people also prefer the smaller and more easily reviewed code base and thus use 1.x as their "desktop" GnuPG.  The version numbering is unfortunate in that it suggests that 2.x replaces 1.x, but in reality, the 1.x branch is a maintained product on its own.

1.x and 2.x are designed to be able to be installed together if necessary (note that the upstream code generates a binary named "gpg2" - the "gpg" binary in F13 is due to a local patch).  This was done very well in F11.

See, for example:
  http://www.mail-archive.com/gnupg-users@gnupg.org/msg04642.html
and
  http://www.mail-archive.com/gnupg-users@gnupg.org/msg04645.html

David