On 2025-01-10 Frank Guthausen <fg.deb...@shimps.de> wrote:
[...]
> I reconstructed the following timeline:

> Debian bullseye hard freeze[1]:             2021-03-12
> According to Upstream[2], GnuPG 2.4 birth:  2021-04-07 (maybe as devel)

Definitely -devel 
https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html
2.4.0 was released more than 18 months later in December 2022
https://lists.gnupg.org/pipermail/gnupg-announce/2022q4/000477.html

> Debian bullseye full freeze[1]:             2021-07-17
> First package (2.4.0) in experimental[3]:   2022-12-25
> Debian bookworm hard freeze[4]:             2023-03-12
> Debian bookworm full freeze[4]:             2023-05-24
> Ubuntu 24.04 LTS (Noble Numbat) release[5]: 2024-04
> RNP LibrePGP support[6]:                    2024-07-22
> OpenPGP RFC 9580 release[7]:                2024-07-31

> > For example, OpenPGP certificates produced by earlier versions of 2.4
> > and imported into Thunderbird advertised non-standardized encryption
> > mechanisms that Thunderbird didn't support, which led to unreadable
> > mails for those users.

> Is this still a problem with GnuPG 2.4.7? Can this be adjusted by
> changing default configuration in the Debian package? Does it need
> a code patch?

Patch. This is about AEAD OCB.

> Thunderbird  seems to use the RNP[8] crypto library which supports
> a cooperative workflow with GnuPG via LibrePGP.  Are there patches
> to remove this behaviour in Debian?
[...]

I do not know the current status, but afaik Thunderbird (not
Debian-specific) configures RNP; the version 128 release notes said:
| Disabled support for LibrePGP v5 AEAD/OCB decryption

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
