Should I be using gpg or gpg2?

Malte malte at
Tue Sep 29 16:03:49 CEST 2015

> I can't offer any conclusive evidence for this, but it is my
> honest estimate that more real-world sensitive traffic volume
> is generated by 1.4.x than 2.x. Consequently, if 1.4.x is in any
> was insecure, this would be of significantly greater benefit to
> a whole class of large institutional web-traffic attackers than
> if 2.x was insecure. So, if 1.4.x is indeed in any way insecure,
> that should merit more serious and immediate attention that if
> 2.x was insecure.

The other, and in my opinion much more sensible, course of action would be to 
migrate all these systems that still use 1.4 to 2.1. Version numbers are like 
entropy: They only increase, never decrease.



More information about the Gnupg-users mailing list