customizing PGP (was: restrict the set of accepted digest algorithms)

lists-gnupgdev at lina.inka.de lists-gnupgdev at lina.inka.de
Tue Feb 10 19:57:42 CET 2015


Am Tue, 10 Feb 2015 12:52:13 -0500
schrieb "Robert J. Hansen" <rjh at sixdemonbag.org>:

> > I think this (quite widespread) attitude is one of the reasons
> > GnuPG is less often used than it would be possible. (I am speaking
> > about a social phenomen here).
> 
> It's not.
...
> A * B * C * D = the fraction of the potential userbase you've
> alienated.

I am not talking about users beeing alienated (by not
allowing to tuen off SHA1), I am talking about developers
beeing patronized on this list.

This IMHO started way back when GPGME was "enforced" on them. And it
repeats every time somebody want to contribute something modern (not
covered by OpenPGP).

But as I said, its just a feeling, but I dont think I am alone with
that. And I am not sure if this is good or bad for the project (and
sales orders of G10, for that matter). Pointing to "SHA-1 is
mandatory in the standard" is IMHO really not a helpful answer (even
when I personally don't think it is time to avoid it so strictly).

Gruss
Bernd



More information about the Gnupg-devel mailing list