home.social

#librepgp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #librepgp, aggregated by home.social.

  1. #OpenPGP #LibrePGP #GnuPG
    It's an article from last year, but I found a good summary.

    >OpenPGP and LibrePGP: the conflict between GnuPG and the other implementations
    kris.fail/posts/opgpvslpgp/

  4. Post-quantum defaults and GnuPG

    @andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.

    After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.

    #pgp #librepgp #openpgp #opensource
    #community #cybersecurity

    🔗 lists.gnupg.org/pipermail/gnup

  9. @ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: lists.gnupg.org/pipermail/gnup

    The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.

  14. You want to read up on #E2EE for #eMail, and right away you discover the new tech drama between #OpenPGP and #LibrePGP.

    Regardless of the substance of the discussion: user-friendly looks different.

    Fragmented standards, opinionated and overly technical documentation, lots of deep-tech talk, ...

    In my opinion, the fact that E2EE has not yet become widely established is primarily due to this unpleasant #UX - and unfortunately that applies to many other #OpenSource projects too. A pity.

  16. When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

    #GnuPG #EndtoEndCrypto #FreeSoftware

  21. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)). Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

    #GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP

  26. Details about the (ongoing) response to gpg.fail/ from GnuPG's side:

    * gnupg.org/blog/20251226-cleart
    * dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
    * dev.gnupg.org/T7900 (overview)

    Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.

    (Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)

    #EndtoEndCrypto #LibrePGP #GnuPG #Security

  31. #GnuPG v2.5.14 is here to try.

    A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RFC8332 for ssh is now supported.

    For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto

    lists.gnupg.org/pipermail/gnup

  36. @Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If an RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.

    See GnuPG manpage:

    ❯ gpg --version | head -n 1
    gpg (GnuPG) 2.5.13
    ❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
    dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.

    ... and:

    The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.

    Source: datatracker.ietf.org/doc/html/

  41. Someone should make a diagram.

    #PGP (Pretty Good Privacy) is the original, proprietary tool. The open standard #OpenPGP was derived from it. This standard was implemented in #GPG (GNU Privacy Guard), whose authors took over development of the standard until they decided they could not come to terms with their co-authors, and forked it into #LibrePGP. GPG was then forked as #FreePG to restore compliance with OpenPGP.

  46. Someone needs to make a flowchart for this.

    #PGP (Pretty Good Privacy) is the proprietary tool. The open standard developed from it is called #OpenPGP. This standard was implemented by a tool called #GPG (GNU Privacy Guard), who took up the development of the standard, until they've decided they don't like where others are pushing it, so they've forked the standard into #LibrePGP. Then GPG was forked into #FreePG to bring it back to OpenPGP compliance.