m16+gnupg at monksofcool.net
Mon May 21 11:46:57 CEST 2018
On 21.05.18 07:20, Robert J. Hansen wrote:
> We should keep the 1.4 source code available, but wash our hands of it
> and say it will receive *no* future fixes, not even for security
> issues -- and we need to stand on that when people start screaming.
I agree. In my experience, this stance--publicly documented--will allow
people to say to their bosses "support has ended, and for security
reasons we now need a budget to finance a move away from this outdated
software". I have seen similar situations often enough; nobody would
spend money as long as the old software horse was still twitching.
Discontinue version 1.4 right away, quoting Efail as a trigger if you
wish, and set an EOL for version 2.0 in a few months, as you suggested.
> Let's get all the breaking pain over at once, and put GnuPG on track
> for the future.
People are going to be (temporarily) very annoyed anyway, so go all the
way. Like Ferdinand von Schill said: "Lieber ein Ende mit Schrecken als
ein Schrecken ohne Ende."
More information about the Gnupg-users