Am So, Okt 05, 2025 am 02:21:05 -0400 schrieb Eli Schwartz:
On 10/5/25 2:01 AM, Matthias Maier wrote:On Sat, Oct 4, 2025, at 22:19 CDT, Michał Górny <[email protected]> wrote:Hi, As you may have read (and probably forgotten about it), OpenPGP has diverged into two incompatible standards a while ago [1].[...]Yeah, this is a mess. We could also ditch the whole PGP thing and simply use ssh keys for signing [1, 2, 3].[2] We are already mainting quite an elaborate setup for ssh and pgp keys - we could simply reduce it to only ssh keys.[3] No, this is not really a serious suggestion :-)Thanks for acknowledging that, though I wonder what the point of mentioning it at all, was. :) Also, re footnote 2, it very much does not simplify things, quite the opposite. Just saying. ;)
I thought this would indeed be feasible and that it would simplify things. I must be missing some informations. Could anyone expand on why using ssh for signing is not possible for us?
Hoël
signature.asc
Description: PGP signature
