where can one find an official gnupg project statement on the state of sub project?

Philip Jackson philip.jackson at nordnet.fr
Thu Mar 5 13:22:24 CET 2015

On 05/03/15 11:33, Paulo Lopes wrote:
> If I could suggest something else, what about having official packages, say:
> * official ppa for ubuntu
> * official rpm for RHEL/Centos/Fedora/SUSE
> * official Arch AUR
> Of course this is quite some work and lots of distros are not here but for
> example this would mean that gnupg users would always have an official build
> unlike for example:
> as of today (March 5, 2015) ubuntu 14.04 LTS is still offering gnupg 1.4.16 even
> though there have been security issues fixed in 1.4.17, 1.4.18 and 1.4.19. In a
> way a uninformed user that is under the impression that gnupg is secure due to
> the fact that the distro he/she uses does not update the packages in time is
> using vulnerable software while the project has already issued security fixes
> long time ago...
> Again this is just an idea that requires quite some work and thought...

Wow .... at last someone has said it.  What a good idea !! For gnupg 2.1.2 as
well ...

This might encourage distros to be a little more adventurous and also spread the
workload from distro maintainers to include other volunteers.

At present, the concensus of many threads is that encryption in general is just
too difficult for the average email user to use willingly and successfully.  The
'average email user' just has his burden increased exponentially if he has to
build everything from source as well in order to follow the progress of the


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150305/ff7c7747/attachment.sig>

More information about the Gnupg-users mailing list