[Bug 2090995] Re: gnupg2 is not OpenPGP compliant
Andreas Metzler
2090995 at bugs.launchpad.net
Sat Jan 11 06:29:37 UTC 2025
Have you got / are you running tests to doublecheck that revert-
rfc4880bis.patch does what it is supposed to do and continues to do so?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/2090995
Title:
gnupg2 is not OpenPGP compliant
Status in gnupg2 package in Ubuntu:
Fix Committed
Status in gnupg2 source package in Noble:
New
Status in gnupg2 source package in Oracular:
New
Status in gnupg2 source package in Plucky:
Fix Committed
Bug description:
[Impact]
GnuPG 2.4 defaults to generating keys that are incompatible with other OpenPGP implementations, following a schism in the OpenPGP community leading to GnuPG upstream to declare its own LibrePGP "standard".
We should revert these changes such that keys generated on 24.04 are
interoperable again.
[Test Plan]
TBD
[Where problems could occur]
Particularly concerning would be an inability to verify signatures from keys previously generated on 24.04; our test plan should ensure that a v5 key's signatures can still be verified after we switch back to v4 keys by default.
There are some unknowns in how users might have come to rely on some
v5-only features that are once again hidden behind an option, like the
ed448 keys.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2090995/+subscriptions
More information about the foundations-bugs
mailing list