On Fri, Jan 9, 2026 at 9:06 AM Dominik 'Rathann' Mierzejewski <[email protected]> wrote: > > On Tuesday, 06 January 2026 at 22:25, Brian C. Lane wrote: > > I think it's past time to finally retire gnupg1 (this is gnupg v1.4.23 > > from the upstream STABLE-1-4 branch). Upstream doesn't really maintain > > it, and with the recent slew of CVE's for gnupg2 I don't think it's safe > > to keep it around. > > > > The only package depending on it is perl-Crypt-GPG. I've emailed the > > maintainer directly to let them know. > > > > I originally revived it because I used it as part of my local dev setup > > for some things, but I've not actually used it in years now that gnupg2 > > is stable :) > > > > I'm planning on running the retirement process on rawhide, epel8 and > > epel9 branches at some point in the next week. > > Please don't and transfer it to me instead. I'm still using it to > validate the PGP-2 signatures on tin package tarballs: > https://src.fedoraproject.org/rpms/tin/blob/rawhide/f/tin.spec#_40 > GnuPG 2.x doesn't support these. Neither does Sequoia as far as I can > tell.
From what I can see, nobody has asked the Sequoia folks about it, so maybe file a ticket and ask them? https://gitlab.com/sequoia-pgp/sequoia/-/issues -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
