On 05/03/15 11:33, Paulo Lopes wrote: > If I could suggest something else, what about having official packages, say: > > * official ppa for ubuntu > * official rpm for RHEL/Centos/Fedora/SUSE > * official Arch AUR > > Of course this is quite some work and lots of distros are not here but for > example this would mean that gnupg users would always have an official build > unlike for example: > > as of today (March 5, 2015) ubuntu 14.04 LTS is still offering gnupg 1.4.16 > even > though there have been security issues fixed in 1.4.17, 1.4.18 and 1.4.19. In > a > way a uninformed user that is under the impression that gnupg is secure due to > the fact that the distro he/she uses does not update the packages in time is > using vulnerable software while the project has already issued security fixes > long time ago... > > Again this is just an idea that requires quite some work and thought...
Wow .... at last someone has said it. What a good idea !! For gnupg 2.1.2 as well ... This might encourage distros to be a little more adventurous and also spread the workload from distro maintainers to include other volunteers. At present, the concensus of many threads is that encryption in general is just too difficult for the average email user to use willingly and successfully. The 'average email user' just has his burden increased exponentially if he has to build everything from source as well in order to follow the progress of the 'industry'. Philip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
