Breaking changes

Ralph Seichter m16+gnupg at monksofcool.net
Mon May 21 11:46:57 CEST 2018


On 21.05.18 07:20, Robert J. Hansen wrote:

> We should keep the 1.4 source code available, but wash our hands of it
> and say it will receive *no* future fixes, not even for security
> issues -- and we need to stand on that when people start screaming.

I agree. In my experience, this stance--publicly documented--will allow
people to say to their bosses "support has ended, and for security
reasons we now need a budget to finance a move away from this outdated
software". I have seen similar situations often enough; nobody would
spend money as long as the old software horse was still twitching.

Discontinue version 1.4 right away, quoting Efail as a trigger if you
wish, and set an EOL for version 2.0 in a few months, as you suggested.

> Let's get all the breaking pain over at once, and put GnuPG on track
> for the future.

People are going to be (temporarily) very annoyed anyway, so go all the
way. Like Ferdinand von Schill said: "Lieber ein Ende mit Schrecken als
ein Schrecken ohne Ende."

-Ralph



More information about the Gnupg-users mailing list