Why 2.1 is delayed for so long

Ximin Luo infinity0 at pwned.gg
Fri Sep 19 14:30:37 CEST 2014


On 19/09/14 09:49, Werner Koch wrote:
> On Thu, 18 Sep 2014 02:25, djhaskin987 at gmail.com said:
> 
>> also seen Werner say on this mailing list that he has used 2.1 "for
>> years now". I wonder if there is a measure by which the four-year-old
>> version shall be considered stable. If so, what is it? If not, or if
> 
> Never change a running system (i.e. 1.4).  I am glad to see that after
> 11 years 2.0 is now going mainstream.
> 
> I assume that 2.1 will be be adopted faster because it has improvements
> which are fashionable now; in particular ECC.  However, ECC is also one
> of the problems why 2.1 is delayed.  The plan is to implement the new
> non-TLA created ECC curves (Curve255519).  Last fall it looked that the
> IETF would fast adopt they as standards but they keep on debating.  Thus
> the likely outcome is that 2.1 will be released without an official IETF
> standard for the new curves.
> 
> I did a new beta yesterday but my experience with beta versions is that
> they are not widely used or problems/success are not reported.  To move
> forward we might have to jump into cold water and release 2.1 without
> having many test results.  And I need to set aside enough time to
> quickly work on reported problems after 2.1.0.  Thus all other
> construction areas should be cleaned up before.
> 

FWIW I would be happy to help test, if someone makes a Debian package for gnupg 2.1. I might do that myself this weekend. Let me know if there's any significant installation differences between 2.0 and 2.1.

Is the data format for EdDSA keys now final?

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140919/58453ebe/attachment.sig>


More information about the Gnupg-devel mailing list