#librepgp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #librepgp, aggregated by home.social.
-
#OpenPGP #LibrePGP #GnuPG
昨年の記事だが,よいまとめ発見>OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
https://kris.fail/posts/opgpvslpgp/ -
#OpenPGP #LibrePGP #GnuPG
昨年の記事だが,よいまとめ発見>OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
https://kris.fail/posts/opgpvslpgp/ -
#OpenPGP #LibrePGP #GnuPG
昨年の記事だが,よいまとめ発見>OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
https://kris.fail/posts/opgpvslpgp/ -
Post-quantum defaults and GnuPG
@andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.
After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.
#pgp #librepgp #openpgp #opensource
#community #cybersecurity🔗 https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068280.html
-
Post-quantum defaults and GnuPG
@andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.
After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.
#pgp #librepgp #openpgp #opensource
#community #cybersecurity🔗 https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068280.html
-
Post-quantum defaults and GnuPG
@andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.
After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.
#pgp #librepgp #openpgp #opensource
#community #cybersecurity🔗 https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068280.html
-
Post-quantum defaults and GnuPG
@andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.
After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.
#pgp #librepgp #openpgp #opensource
#community #cybersecurity🔗 https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068280.html
-
Post-quantum defaults and GnuPG
@andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.
After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.
#pgp #librepgp #openpgp #opensource
#community #cybersecurity🔗 https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068280.html
-
@ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068288.html
The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.
-
@ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068288.html
The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.
-
@ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068288.html
The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.
-
@ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068288.html
The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.
-
@ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: https://lists.gnupg.org/pipermail/gnupg-users/2026-April/068288.html
The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.
-
Da möchte man sich in #E2EE für #eMail einlesen, schon entdeckt man das neue Tech-Drama zwischen #OpenPGP und #LibrePGP.
Unabhängig von der inhaltlichen Diskussion: Nutzerfreundlich ist anders.
Fragmentierte Standards, opinionated und zu technische Dokumentationen, viel Deep-Tech-Talk, ...
Dass sich das Thema E2EE noch nicht großflächig etabliert hat, liegt meiner Meinung nach in erster Linie an dieser unschönen #UX - und das gilt leider für viele andere #OpenSource-Projekte auch. Schade.
-
Da möchte man sich in #E2EE für #eMail einlesen, schon entdeckt man das neue Tech-Drama zwischen #OpenPGP und #LibrePGP.
Unabhängig von der inhaltlichen Diskussion: Nutzerfreundlich ist anders.
Fragmentierte Standards, opinionated und zu technische Dokumentationen, viel Deep-Tech-Talk, ...
Dass sich das Thema E2EE noch nicht großflächig etabliert hat, liegt meiner Meinung nach in erster Linie an dieser unschönen #UX - und das gilt leider für viele andere #OpenSource-Projekte auch. Schade.
-
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
-
Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
-
Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
-
Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
-
Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
-
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
-
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
-
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
-
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
-
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
-
@Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If a RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.
See GnuPG manpage:
❯ gpg --version | head -n 1
gpg (GnuPG) 2.5.13
❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.... and:
The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-dane-openpgpkey-05#section-5
-
@Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If a RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.
See GnuPG manpage:
❯ gpg --version | head -n 1
gpg (GnuPG) 2.5.13
❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.... and:
The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-dane-openpgpkey-05#section-5
-
@Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If a RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.
See GnuPG manpage:
❯ gpg --version | head -n 1
gpg (GnuPG) 2.5.13
❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.... and:
The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-dane-openpgpkey-05#section-5
-
@Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If a RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.
See GnuPG manpage:
❯ gpg --version | head -n 1
gpg (GnuPG) 2.5.13
❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.... and:
The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-dane-openpgpkey-05#section-5
-
@Velocifyer @andrewg That's the reason for my plans to switch from #GnuPG to #sequoiapgp, not the #LibrePGP vs #RFC9580 mess. If a RTFM doesn't suffice and it comes down to RTFC (...Code), I am out.
See GnuPG manpage:
❯ gpg --version | head -n 1
gpg (GnuPG) 2.5.13
❯ man gpg | sed -n '/^[[:space:]]*dane/,/^$/p'
dane Locate a key using DANE, as specified in draft-ietf-dane-openpgpkey-05.txt.... and:
The lookup result MUST pass DNSSEC validation; if validation reaches any state other than "Secure", the verification MUST be treated as a failure.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-dane-openpgpkey-05#section-5
-
@keys_openpgp_org @upofadown #LibrePGP is, for me, the Office Open XML of the #PGP world.
-
@keys_openpgp_org @upofadown #LibrePGP is, for me, the Office Open XML of the #PGP world.
-
@keys_openpgp_org @upofadown #LibrePGP is, for me, the Office Open XML of the #PGP world.
-
@keys_openpgp_org @upofadown #LibrePGP is, for me, the Office Open XML of the #PGP world.
-
Ktoś powinien zrobić diagram.
#PGP (Pretty Good Privacy) to oryginalne, własnościowe narzędzie. Z niego wyprowadzono otwarty standard #OpenPGP. Ten standard zaimplementowano w #GPG (GNU Privacy Guard), którego autorzy przejęli rozwój standardu, do momentu, w którym stwierdzili, że nie dogadają się ze współautorami, i sforkowali go do #LibrePGP. Następnie GPG sforkowano jako #FreePG, żeby przywrócić zgodność z OpenPGP.
-
Ktoś powinien zrobić diagram.
#PGP (Pretty Good Privacy) to oryginalne, własnościowe narzędzie. Z niego wyprowadzono otwarty standard #OpenPGP. Ten standard zaimplementowano w #GPG (GNU Privacy Guard), którego autorzy przejęli rozwój standardu, do momentu, w którym stwierdzili, że nie dogadają się ze współautorami, i sforkowali go do #LibrePGP. Następnie GPG sforkowano jako #FreePG, żeby przywrócić zgodność z OpenPGP.
-
Ktoś powinien zrobić diagram.
#PGP (Pretty Good Privacy) to oryginalne, własnościowe narzędzie. Z niego wyprowadzono otwarty standard #OpenPGP. Ten standard zaimplementowano w #GPG (GNU Privacy Guard), którego autorzy przejęli rozwój standardu, do momentu, w którym stwierdzili, że nie dogadają się ze współautorami, i sforkowali go do #LibrePGP. Następnie GPG sforkowano jako #FreePG, żeby przywrócić zgodność z OpenPGP.
-
Ktoś powinien zrobić diagram.
#PGP (Pretty Good Privacy) to oryginalne, własnościowe narzędzie. Z niego wyprowadzono otwarty standard #OpenPGP. Ten standard zaimplementowano w #GPG (GNU Privacy Guard), którego autorzy przejęli rozwój standardu, do momentu, w którym stwierdzili, że nie dogadają się ze współautorami, i sforkowali go do #LibrePGP. Następnie GPG sforkowano jako #FreePG, żeby przywrócić zgodność z OpenPGP.
-
Ktoś powinien zrobić diagram.
#PGP (Pretty Good Privacy) to oryginalne, własnościowe narzędzie. Z niego wyprowadzono otwarty standard #OpenPGP. Ten standard zaimplementowano w #GPG (GNU Privacy Guard), którego autorzy przejęli rozwój standardu, do momentu, w którym stwierdzili, że nie dogadają się ze współautorami, i sforkowali go do #LibrePGP. Następnie GPG sforkowano jako #FreePG, żeby przywrócić zgodność z OpenPGP.
-
Someone needs to make a flowchart for this.
#PGP (Pretty Good Privacy) is the proprietary tool. The open standard developed from it is called #OpenPGP. This standard was implemented by a tool called #GPG (GNU Privacy Guard), who took up the development of the standard, until they've decided they don't like where others are pushing it, so they've forked the standard into #LibrePGP. Then GPG was forked into #FreePG to bring it back to OpenPGP compliance.