On Sat, 2018-03-31 at 10:55 +0200, Daniele Nicolodi wrote: > On 29/03/2018 15:54, Yago González wrote: > > Package: wnpp > > Severity: wishlist > > Owner: Yago González <yagogonzal...@gmail.com> > > > > * Package name : egpg > > Version : 2.1 > > Upstream Author : Dashamir Hoxha <dashoho...@gmail.com> > > * URL : https://github.com/dashohoxha/egpg > > * License : GPL-3 > > Programming Lang: Shell > > Description : Wrapper tool to easily manage and use keys with > > GPG > > > > Easy GnuPG (egpg) is a wrapper script that tries to simplify the > > process of > > using GnuPG. In order to make things easier, it is opinionated about > > the > > "right" way to use GnuPG. > > > > It helps manage (e.g. generate, revoke...) the keys as well as use > > them > > to verify, sign and encrypt messages. > > The last time Easy GnuPG has been discussed on the GnuPG mailing list: > > thread starting around this message > > https://lists.gnupg.org/pipermail/gnupg-users/2016-April/055835.html > > and later > > https://lists.gnupg.org/pipermail/gnupg-users/2016-May/056007.html > Easy GnuPG was not deemed ready for end users, and technical issues > with > the code were identified. I think including it in Debian is akin to > recommend it and somehow a statement on its technical cryptographic > validity.
Thank you very much for pointing those out. I wasn't aware of such issues, and I definitely think that it should be reliable and safe to use before having it packaged for Debian. I will talk to upstream about this soon, and I will see how can we address it. In the meantime, I think that keeping this on hold will be best. > It seemed that people on the GnuPG mailing list were not too > enthusiastic about reviewing it. Has something changed since > then? Is > there an (informal) evaluation of the code or of the project in > general > from a third party? > Cheers, > Daniele > Regards, -- Yago González yagogonzal...@gmail.com PGP fingerprint: 5E9F 632D 51FE C74A 3BB4 F7E8 565D CA98 89AD 316B
