Robert J. Hansen
rjh at sixdemonbag.org
Sun Jan 30 05:37:35 CET 2022
> If person1 has a signed and encrypted email to person 2, but which
> used IDEA and MD 5, and now wants to decrypt, and re-encrypt and
> sign, and send to person 2, who will then destroy the original
> email, why shouldn't they be allowed to know if this is safe.
They *are* allowed. The source code is there for them to study.
What I said is that I'm not going to do that work for them, because I
think PGP 2.6.3 is best abandoned. Full stop. No exceptions. Migrate
your data already, you've had over a quarter century.
People are of course free to disagree with me: some do. But that is my
position, and I think it's kind of incredible that someone would ask me
to come up with reasons that would allow PGP 2.6.3 users to justify
their continued use. :)
More information about the Gnupg-users