Question on Integrity of Sequoia-PGP Developers

Meik Michalke m at gnupg.org
Thu Sep 11 11:22:09 CEST 2025 

hi,

Am Donnerstag, 11. September 2025, 05:54:44 CEST schrieb Matt Borja via Gnupg-
devel:
> But we also have to remember that it’s ultimately the standard we’re most
> concerned with and need to be conformed to, not a specific implementation.

actually, the schism does cut deeper than that. when we say "OpenPGP" today, 
unfortunately, it is no longer "the standard" it used to be for many years. 
the conflict lines weren't just about implementation, but about the evolution 
of that standard itself. at a certain point, the direction this discussion 
took was seen as so wrong by the GnuPG devs that they felt it pointless to try 
and hold on to what was about to be named "OpenPGP" in the future. they took 
what was originally discussed to become the new OpenPGP standard (a stable but 
necessary update without disruptive changes), and named it "LibrePGP". in that 
sense, LibrePGP is actually a fully compatible evolution of the old OpenPGP 
standard, while the new OpenPGP standard breaks continuity at certain points.

it's a paradox, but if you want to continue to support what used to be OpenPGP 
in the past, you would now need to abandon OpenPGP and support LibrePGP 
instead. it's a bit like when an established brand is bought by another 
company that uses it to sell products that do not continue to uphold what made 
the brand in the first place. it would have been a much better and more 
transparent decision if LibrePGP had been the updated OpenPGP standard as was 
originally planned, and the disruptive, new standard would have been given its 
own new name.

if you want to go into the details, there's a homepage explaining all of it:

  https://librepgp.org

it is true what has been written here before, that compatibility and stability 
are values held up high by GnuPG. it is a pitty that it came to this. it 
wasn't necessary to be this nasty and painful a process.

disclaimer: i do work for g10 code/GnuPG. but i joined the company long after 
this conflict emerged and had no part in that. but i do admit that personally, 
i do find the arguments for LibrePGP much more compelling.


viele grüße :: m.eik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 265 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20250911/da9e8f72/attachment.sig>

More information about the Gnupg-devel mailing list