First a big thank you for all your efforts re OpenPGP! It is hard to navigate when there are conflicting requirements around. We need more boats attempting to navigate rather than less, increasing the chances to reach fertile grounds.
Daniel Kahn Gillmor <d...@debian.org> writes: > But the schism is, as far as i can tell, a disaster for both OpenPGP and > for the GnuPG project. The best outcome would be for GnuPG to be able > to parse the updated OpenPGP standards (keys, certificates, signatures, > encryption), and to limit itself to emitting data that can also be read > by other implementations, including the new simplified formats. I know > that the GnuPG project has the cryptographic and software development > expertise to do it, but the project doesn't seem to have interest in > broad interoperability or demonstrating leadership within a pool of > peers, and is instead imposing this schism on the larger ecosystem. There is also the possibility for Seqoia and others to implement parsing of what GnuPG and others are emitting. I am confident doing so is within the expertise of the relevant people too. Fundamentally, I believe that forking upstream projects in this way is bad for users of distributions like Debian. Each project should own the moral compass of its own destiny, and users can decide what to use if they agree with that compass. That's why I personally no longer install Debian for example, because I prefer a 100% free software OS. Right now user decision is crippled because users cannot conveniently get to the proper GnuPG package from Debian, and I believe that's bad for everyone; users, Debian, and GnuPG. /Simon
signature.asc
Description: PGP signature
