Saturday, 11 July 2015

gnupg 2.1.x by default

A growing number of features are desired, yet missing from classic
gnupg (1.4.x series). Specifically, support for many gpg smartcards &
tokens, as well as ECC.

I'd like to propose to switch to gnupg 2.1.x by default.

First, it would mean upgrading gnupg 2.0.x to 2.1.x (available in experimental).

Second, we need either a transition, or actually patching and fixing a
few packages. Most of the patches and transitions are trivial, as
the actual usage and output from gpg2 are the same as with gpg. All
keyrings are forward compatible with 2.1.x, but extra care & testing
would be needed around authentication keyrings.

An upgrade of gnupg2 package from 2.0.x -> 2.1.x series should be
trivial and can be done straight away.

Migrating individual things one by one should be relatively painless
as well. The end goal would be to remove gnupg 1.4.x classic edition
from default installations and demote it to universe.

Currently, to achieve this goal, I'm running something like pgpgpg on my
machines, as in gpggpg2, which simply provides symlinks pointing at the
gnupg2 binaries.

gnupg2.1 does require gpg-agent/pinentry. Recently this has been
resolved and integrated properly in gtk3 land, as in gnome-keyring
maintainers dropped the gpg-agent component, and a pinentry-gnome3 variant
got contributed upstream that works well. Iain Lane already landed
this in the 15.10 development release. Kubuntu uses gnupg 2.0.x at the
moment by default already, and I will check how well that environment
will cope with the gnupg 2.1.x series. All other environments would be
covered by pinentry gtk2 and/or tty variants.

How does the above plan sound? Any comments / remarks / suggestions?



ubuntu-devel mailing list