LibrePGP in Thunderbird, maybe treat it as optional

[Andrew Gallagher]

On 12 Feb 2024, at 10:14, Bernhard Reiter via LibrePGP-discuss <librepgp-discuss at librepgp.org> wrote:
> Am Montag 12 Februar 2024 09:43:16 schrieb Kai Engert via LibrePGP-discuss:
>> - the internal key and trust management of TB would make it clear
>>    in the UI that it's limited to OpenPGP keys, and exclude
>>    GnuPG/LibrePGP keys
> 
> .. means that LibrePGP is very degraded in the UX.
> Not good for users.

At this point I don’t think any of the available options are good for users, short of a reconciliation. If LibrePGP insists on using non-standard code points outside of the space reserved for it, I don’t see how it is possible to cleanly and safely support both LibrePGP and OpenPGP in the same application, unless the dual-support implementations find some magic way of resolving the ambiguities (and I wouldn’t blame them for not wasting any more time on it). Allowing GnuPG to do its own thing in its own sandbox is probably therefore the only safe way to enable the full suite of LibrePGP features.

It will probably therefore be impossible for hockeypuck to support both v5 and v6 PQC keys, given our dependency on upstream library support. I realise this puts Intevation in a particularly uncomfortable position, given that upstream GnuPG has more or less declared keyservers obsolete, and seems unwilling to make any further concessions for our benefit. I had hoped for a more inclusive outcome, and up until last week I honestly believed it was still possible.

A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240212/4ebdb865/attachment.sig>