Announcement

Collapse
No announcement yet.

Fedora 30 To Finally Use GnuPG 2 As The Default

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 30 To Finally Use GnuPG 2 As The Default

    Phoronix: Fedora 30 To Finally Use GnuPG 2 As The Default

    While many Linux distributions have moved past GnuPG 1 and some no longer even packaging it, Fedora Linux continues using GnuPG 1 as the default gpg, but that is likely to change with Fedora 30...

    http://www.phoronix.com/scan.php?pag...efault-GnuPG-2

  • #2
    Now if they could improve Seahorse / GNOME Keyring. The frontend for GNOME.
    It feels rather outdated.

    Comment


    • #3
      Originally posted by uid313 View Post
      Now if they could improve Seahorse / GNOME Keyring. The frontend for GNOME.
      It feels rather outdated.
      Feels my dated isn’t a huge problem. I’d rather see a focus on performance myself. In any event Fedora is funny in some ways as it is supposedly bleeding edge yet these things do pop up from time to time.

      Comment


      • #4

        GnuPG is a useful tool useful in many situations, no serious distribution would not include it because of its utility, that would be severe negligence, distributions that do not include it could not be taken seriously. People often think of e-mail for GnuPG but it could be used for other things.

        For email it never really caught on because it was too complicated for most people to set up. To make it so most people would use it would require it to be automated. Support for a key exchange facility should be a standard part of email protocols so when a user authenticates with email server, they can over the authenticated connection upload their public key which would then be hosted on the email server and can be requested by third parties over HTTPS.
        The way it often was people would manually look up the key in a key server and the paste it into their software which would require complex additional steps to install additional plugins to their email program since email programs did not include it by default. Thats why it should be a required part of the email protocols and key exchange should be an automated process, the whole thing should work out of the box without user intervention.
        Last edited by jpg44; 12-10-2018, 05:34 PM.

        Comment


        • #5
          Originally posted by jpg44 View Post
          Thats why it should be a required part of the email protocols and key exchange should be an automated process, the whole thing should work out of the box without user intervention.
          Too bad that email protocols were made in the stone age of computing and will probably never ever see significant updates (apart from attempts to vendorlock like the whole MS Exchange thing) due to breaking retrocompatibility.

          Comment


          • #6
            Originally posted by starshipeleven View Post
            Too bad that email protocols were made in the stone age of computing and will probably never ever see significant updates (apart from attempts to vendorlock like the whole MS Exchange thing) due to breaking retrocompatibility.
            That's right. It's not a good idea to break backward compatibility when not necessary, in regards to encryption, thats its necessary to do that. Old SSL versions are dropped to force websites to upgrade etc.

            With Lets Encrypt making TLS more available and affordable, email key exchange can be built on top of that with TLS providing underlying trust mechanism. Clients connect to email server over TLS, upload public key, other clients can request public key for email addresses over TLS. It can be an automated process, the user enters email address into To: field, and client automatically fetches the key for the email address from the remote email server so it can encrypt the message.

            Comment


            • #7
              Originally posted by jpg44 View Post
              This more of a statement on how out of data Fedora's package repository is and how it is not very well maintained.

              GnuPG is a useful tool useful in many situations, no serious distribution would not include it because of its utility, that would be severe negligence, distributions that do not include it could not be taken seriously. People often think of e-mail for GnuPG but it could be used for other things.
              Wow. Much FUD here.

              Fedora has shipped GnuPG 2 as gnupg2 for many years now. In fact, Red Hat Enterprise Linux has only shipped gnupg2 since RHEL 6. This change is only about making it so that "dnf install gnupg" will install gnupg2 rather than gnupg1. In various aspects of the distribution, gnupg2 has been the de facto default anyway. This just makes it the de jure default, too.
              Last edited by King InuYasha; 12-10-2018, 01:23 PM. Reason: Shorten to the relevant quote

              Comment


              • #8
                Originally posted by jpg44 View Post
                That's right. It's not a good idea to break backward compatibility when not necessary, in regards to encryption, thats its necessary to do that. Old SSL versions are dropped to force websites to upgrade etc.
                Lol "force". You know that sites can run with ancient Apache and SSL and PHP and whatever else for decades?

                The only thing that forces an upgrade is a botnet constantly auto-pwning and auto-wiping the site (so they can't just restore a backup and be fine like with most "Anonymous" kind of attacks), and imho we need more "ethical hackers" like that, that cause observable disruption so people is forced to fix issues that allow actual and much more covert malicious usage.

                Comment


                • #9
                  Originally posted by King InuYasha View Post

                  Wow. Much FUD here.

                  Fedora has shipped GnuPG 2 as gnupg2 for many years now. In fact, Red Hat Enterprise Linux has only shipped gnupg2 since RHEL 6. This change is only about making it so that "dnf install gnupg" will install gnupg2 rather than gnupg1. In various aspects of the distribution, gnupg2 has been the de facto default anyway. This just makes it the de jure default, too.
                  Sorry, Your right. I updated my comment

                  Comment

                  Working...
                  X