[Bug 286046] security/gnupg: Usage of FreePG patchset to conform to OpenPGP

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 12 Apr 2025 00:23:26 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286046

            Bug ID: 286046
           Summary: security/gnupg: Usage of FreePG patchset to conform to
                    OpenPGP
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: adridg@freebsd.org
          Reporter: guillem@hadrons.org
             Flags: maintainer-feedback?(adridg@freebsd.org)

Hi!

The GnuPG project has declared it will no longer follow the OpenPGP
specification going forward (specifically RFC9580), and has instead forked it
into its own LibrePGP one, based on an old OpenPGP revision which had no
consensus on the IETF working group. This is a cause of major concern for
interoperability in circles that make heavy use of OpenPGP, and among the other
conformant OpenPGP implementations around. This has been called the OpenPGP
schism, and has been covered in some online journals.

At least many major GNU/Linux distributions have started to patch their GnuPG
packages with a subset of common patches collected by the FreePG project, that
try to make downstream work easier. Those include not defaulting to LibrePGP,
and changing defaults to better and more secure ones.

The FreePG project can be found at https://gitlab.com/freepg/gnupg. It would be
nice if several of those patches could be picked up. AFAIUI, I think the most
important ones would be all the "compliance" ones in addition to patch
0023-gpg-Reintroduce-openpgp-as-distinct-from-rfc4880.patch.
