Paul Wise <p...@debian.org> writes: > On Fri, 2022-04-29 at 17:04 -0700, Russ Allbery wrote:
>> Yes, verifying signatures using obsolete keys or obsolete algorithms >> which are no longer supported in GnuPG 2. > and nothing other than GnuPG 1 supports these keys? I'm personally not aware of anything other than the even more obsolete commercial PGP implementations, but maybe the package maintainers know more. > It seems like it would be a good idea for GnuPG 2 or other OpenPGP > implementation to at least have an option to re-enable them > temporarily. It would be nice, but my understanding is that this was a deliberate simplification by the GnuPG maintainers, which is why their official position has been that people who need such support should use GnuPG 1. I think the change that broke most of the keys was made in GnuPG 2.1.0: * gpg: All support for v3 (PGP 2) keys has been dropped. All signatures are now created as v4 signatures. v3 keys will be removed from the keyring. There are a few other problems that old keys or old signatures could have other than this one, but I think this is the most significant one. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
