On Wed, Jan 4, 2012 at 1:01 PM, Werner Koch <[email protected]> wrote: > On Wed, 4 Jan 2012 13:37, [email protected] said: > >> Is there any plan to back-port the ECC support? > > No. We definitely need to move forward with 2.1 and not keep on > updating 2.0. It would be quite some work to integrate that in 1.4 and > I see no reason to do that. Remember that this is not a one-time task > but requires continues maintenance. We don't have the resources to do > that.
That is a shame, although I do completely understand the resources problem. Though gpg2.1 has lots of wonderful features, it IS a much bigger, much more complex package. I've always liked the fact that gpg1.4 can be built relatively simply, and the code-base looks relatively easy to understand. It really is a case of simply downloading and building. People using gpg2 often have to rely on third-party packagers. You said earlier that someone wanting really high security ought to be prepared to audit the different elements of the system. I'm no expert, but I'd have thought that would be easier if deploying 1.4. Perhaps that is wrong, and in fact people can have better confidence in the new version. I suppose I'd imagined that once the ECC code was written it would effectively be a module that could be integrated relatively easily into the old code. I do understand if that's not the case, but there are reasons why 1.4 is still so popular. Do you think those reasons are outdated and need to be confronted? N. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
