Break backwards compatibility
Mark Rousell
markr at signal100.com
Mon May 21 05:19:32 CEST 2018
On 21/05/2018 02:12, Jochen Schüttler wrote:
> I'm all for breaking backwards compatibility.
>
> What's the worst the haters can do? Turn their back on GnuPG? Shout out
> really loud once more? I think they should get a life!
I rather suspect they do have a life supporting scenarios that they
cannot change that require legacy-decryption capability.
If legacy-decryption was removed entirely from current versions of GnuPG
then they would simply have to continue using old, unsupported, and
potentially vulnerable versions. I do not think it is reasonable to just
cut them off entirely.
As Philipp Klaus Krause [1] and Dirk Gottschalk [2] pointed out above,
breaking backward compatibility does not have to be (and should not be
in my opinion) absolute. The ability to decrypt old, legacy-encrypted
data is, like it or not, still present in the real world and it is
therefore surely proper for GnuPG to retain the ability to decrypt such
data in maintained code (albeit whilst requiring users to take action to
make changes to their configuration to be able to continue decrypting
such data using GnuPG).
I agree with those who say that there is no need for mail clients to be
able to decrypt legacy-encrypted data.
[1] https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060473.html
[2] https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060474.html
--
Mark Rousell
PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180521/ab1dfdeb/attachment.html>
More information about the Gnupg-users
mailing list