Hi, > On 2. Jan 2026, at 17:40, Rénich Bon Ćirić <[email protected]> wrote: > > I think it's important to take this into account: > > https://gnupg.org/blog/20250117-aheinecke-on-sequoia.html
Quoting: "GnuPG and OpenPGP are extremely mature and basically "done.”” https://gpg.fail/ doesn’t look like it’s very “done” to me. Sequoia is a major improvement to the usability of OpenPGP — if you’ve ever tried to change something about your key (e.g., the expiration date, a user ID, algorithm preferences, or any other property) you know the user experience is hard to understand for experts and a nightmare for novice users. The blog post calls this "inventing new problems and features to justify competition”, I don’t agree. Sequoia is also written in a memory-safe language, outright avoiding some of the problems that were reported at gpg.fail. Granted, not all of them. Still, out of 14 problems, I think Sequoia is affected by 1 or 2? Furthermore, sequoia can be used as a library embedded in other software. For GnuPG, there was only gpgme, which forked and executed the gpg command line tool. I guess my point here is: Please read both sides of the schism between IETF OpenPGP and LibrePGP before choosing sides. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
