Should GnuPG 1.4.x be revived?

Brian C. Lane bcl at redhat.com
Tue Jul 13 16:03:03 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/13/2010 05:38 AM, David Shaw wrote:
> On 07/13/2010 09:54 AM, Karel Klic wrote:
> 
>> several users of Emacs and one user of Vim complained in rhbz#574406 [1]
>> that they can no longer use their editor to open and edit gpg-encrypted 
>> files in Fedora 13.
>>
>> The reason is that GnuPG 1.4 was deprecated after Fedora 12 release, and 
>> GnuPG 2 was introduced to replace it. However, GnuPG 2 is not entirely 
>> compatible with GnuPG 1.4.
>>
>> I looked at GnuPG 2 and it seems that it would be very difficult to 
>> modify Emacs and Vim to support it. GnuPG 2 does not allow to enter a 
>> password using shell -- it needs entire terminal (as it uses ncurses 
>> program pinentry-curses).
>> Text editors can use only shell to send a password to GnuPG.
>>
>> What about reviving GnuPG 1.4? It is maintained, secure, supported, and 
>> its integration into text editors is used extensively and works well. It 
>> can live alongside GnuPG 2.
> 
> No disagreement here in that GnuPG (of whatever version) should work with Emacs and vim.  That should be fixed.  However, as a GnuPG developer, I'd like to suggest another reason for keeping both GnuPG 1.x and 2.x: although there is significant overlap, they're not really aimed at the same problem.   1.x is aimed at servers where its "all in one" construction simplifies things, or in embedded systems or other places where space is tight.  Some people also prefer the smaller and more easily reviewed code base and thus use 1.x as their "desktop" GnuPG.  The version numbering is unfortunate in that it suggests that 2.x replaces 1.x, but in reality, the 1.x branch is a maintained product on its own.
> 
> 1.x and 2.x are designed to be able to be installed together if necessary (note that the upstream code generates a binary named "gpg2" - the "gpg" binary in F13 is due to a local patch).  This was done very well in F11.
> 

This is why I'm so surprised to see gpg be deprecated in f13. Upstream
is supporting both and the manpage even indicates that the binary should
be gpg2.

I don't see any reason for it to have been removed in f13, and am
willing to help maintain it. I've been a pgp and gpg user since the
early 90's, I attempted to port pgp to the Atari ST (unsuccessfully I
should note :) ) at one time.

- -- 
Brian C. Lane <bcl at redhat.com>
Red Hat / Port Orchard, WA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTDyONxF+jBaO/jp/AQIIbwf/dP0Vs740iJUke+0nAYXE3OO0Gwe6SHFm
kfMdGUAwNrRTIwSiwMkGrQNtOQN7XlbG2fkBVcyt4SWgRBJPDlRIXZgWRwjxfw7l
mptTwmhshhuwQjGS0mfaZJ1X1WF6voYwLxoOIMDEMB9d8+SP+4vFq22obkEqjU3w
RJUpSW2XJR9JCv6O8yQbBK2PbC++LIM4lJcmifBFLh1u2KjsuyejBMz4iL/ieCam
aO9fexC2y38hq9FPmQeyQdtUaak+z8vIEA6ZgHFqLxuCMUl3nlDE70kq4CnDDnz4
9gIhfWxWSc0lSQdW7UzU1eD9YNSNz7Q1IU4jx+aMcsbIi2eTQjdc5w==
=Vdl1
-----END PGP SIGNATURE-----

More information about the devel mailing list