On Tuesday, 06 January 2026 at 22:25, Brian C. Lane wrote: > I think it's past time to finally retire gnupg1 (this is gnupg v1.4.23 > from the upstream STABLE-1-4 branch). Upstream doesn't really maintain > it, and with the recent slew of CVE's for gnupg2 I don't think it's safe > to keep it around. > > The only package depending on it is perl-Crypt-GPG. I've emailed the > maintainer directly to let them know. > > I originally revived it because I used it as part of my local dev setup > for some things, but I've not actually used it in years now that gnupg2 > is stable :) > > I'm planning on running the retirement process on rawhide, epel8 and > epel9 branches at some point in the next week.
Please don't and transfer it to me instead. I'm still using it to validate the PGP-2 signatures on tin package tarballs: https://src.fedoraproject.org/rpms/tin/blob/rawhide/f/tin.spec#_40 GnuPG 2.x doesn't support these. Neither does Sequoia as far as I can tell. Regards, Dominik -- Fedora https://fedoraproject.org Deep in the human unconscious is a pervasive need for a logical universe that makes sense. But the real universe is always one step beyond logic. -- from "The Sayings of Muad'Dib" by the Princess Irulan -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
