Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

Ed Kellett e+gpg at kellett.im
Mon May 21 15:06:14 CEST 2018


On 2018-05-21 09:56, Andrew Skretvedt wrote:
> It seems to me that if the pearl-clutchers who would howl too loudly
> about breaking backwards compatibility were as concerned as they claim,
> they would realize that software evolves. But this evolution doesn't
> eradicate its past. GnuPG is open software. It's ganoo-pee-gee!
> 
> If you're a pearl-clutcher with a legacy use-case, perhaps it's time to
> really analyze that case. Do you have a darn good reason to want to
> expose yourself to creeping insecurity? Because its history won't be
> eradicated, if you /do/ have good reasons, you can maintain for yourself
> a legacy fork. To do that you may need to have certain skills or be
> willing to hire-out for them.

Maybe they just want to be able to read emails that they received a long
time ago?

I don't. I didn't start using OpenPGP long enough ago. But I think it's
a bit unfair to call this "exposing yourself to creeping insecurity". It
shouldn't ever be dangerous to *read an email* with an up-to-date email
client, no matter what, because emails shouldn't be able to phone home.
And the emails we're sending and receiving now aren't going to become
more dangerous as time passes (though they could become less so, if a
current vulnerability is mitigated by future client software).

I guess what I'm trying to say here is that it's not decrypting old
crypto that's wrong. It's accepting new emails with old crypto that is
wrong.
