On Sat, 2018-03-31 at 10:55 +0200, Daniele Nicolodi wrote:
> On 29/03/2018 15:54, Yago González wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Yago González
> >
> > * Package name: egpg
> > Version : 2.1
> > Upstream Author : Dashamir Hoxha
> > * URL : https://github.com/dashohoxha/egpg
> > * License : GPL-3
> > Programming Lang: Shell
> > Description : Wrapper tool to easily manage and use keys with
> > GPG
> >
> > Easy GnuPG (egpg) is a wrapper script that tries to simplify the
> > process of
> > using GnuPG. In order to make things easier, it is opinionated about
> > the
> > "right" way to use GnuPG.
> >
> > It helps manage (e.g. generate, revoke...) the keys as well as use
> > them
> > to verify, sign and encrypt messages.
>
> The last time Easy GnuPG has been discussed on the GnuPG mailing list:
>
> thread starting around this message
>
> https://lists.gnupg.org/pipermail/gnupg-users/2016-April/055835.html
>
> and later
>
> https://lists.gnupg.org/pipermail/gnupg-users/2016-May/056007.html
> Easy GnuPG was not deemed ready for end users, and technical issues
> with
> the code were identified. I think including it in Debian is akin to
> recommend it and somehow a statement on its technical cryptographic
> validity.
Thank you very much for pointing those out. I wasn't aware of such
issues, and I definitely think that it should be reliable and safe to
use before having it packaged for Debian.
I will talk to upstream about this soon, and I will see how can we
address it. In the meantime, I think that keeping this on hold will be
best.
> It seemed that people on the GnuPG mailing list were not too
> enthusiastic about reviewing it. Has something changed since
> then? Is
> there an (informal) evaluation of the code or of the project in
> general
> from a third party?
> Cheers,
> Daniele
>
Regards,
--
Yago González
yagogonzal...@gmail.com
PGP fingerprint: 5E9F 632D 51FE C74A 3BB4 F7E8 565D CA98 89AD 316B
