On Fri, Jan 09, 2026 at 09:19:18AM -0500, Neal Gompa wrote: > On Fri, Jan 9, 2026 at 9:06 AM Dominik 'Rathann' Mierzejewski > <[email protected]> wrote: > > > > On Tuesday, 06 January 2026 at 22:25, Brian C. Lane wrote: > > > I think it's past time to finally retire gnupg1 (this is gnupg v1.4.23 > > > from the upstream STABLE-1-4 branch). Upstream doesn't really maintain > > > it, and with the recent slew of CVE's for gnupg2 I don't think it's safe > > > to keep it around. > > > > > > The only package depending on it is perl-Crypt-GPG. I've emailed the > > > maintainer directly to let them know. > > > > > > I originally revived it because I used it as part of my local dev setup > > > for some things, but I've not actually used it in years now that gnupg2 > > > is stable :) > > > > > > I'm planning on running the retirement process on rawhide, epel8 and > > > epel9 branches at some point in the next week. > > > > Please don't and transfer it to me instead. I'm still using it to > > validate the PGP-2 signatures on tin package tarballs: > > https://src.fedoraproject.org/rpms/tin/blob/rawhide/f/tin.spec#_40 > > GnuPG 2.x doesn't support these. Neither does Sequoia as far as I can > > tell.
Dominik's original reply didn't make it to me for some reason :/ I feel pretty strongly that gnupg1 needs to be retired, not transferred. It isn't just a matter of maintaining it, it's because upstream isn't working on it despite it being called stable. It's dangerous to users to have it available in the distribution. Brian -- Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
