On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote: > On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said: > >> Unless you have specific reasons for transitioning to gpg2, stick >> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier > ^^^^^^^^^^ > > That is definitely not the case. All improvements go into 2.1 > and some are backported to 2.0. We only add necessary > fixes to 1.4.
Most od 2.x "improvements" have little to do with security. I can't offer any conclusive evidence for this, but it is my honest estimate that more real-world sensitive traffic volume is generated by 1.4.x than 2.x. Consequently, if 1.4.x is in any was insecure, this would be of significantly greater benefit to a whole class of large institutional web-traffic attackers than if 2.x was insecure. So, if 1.4.x is indeed in any way insecure, that should merit more serious and immediate attention that if 2.x was insecure. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
