| ▲ | maqp 3 hours ago | |||||||
The biggest issue with PGP/gpg is the difficulty of getting rid of it. If you work on big distros, or know someone who works on big distros, please (start asking them to) add https://github.com/jedisct1/minisign to pre-installed packages to facilitate transition. It's almost a chicken egg problem but the sad thing is, no project wants to swap the signing tool to a better one until everyone can verify the new signatures. | ||||||||
| ▲ | singpolyma3 2 hours ago | parent [-] | |||||||
Note that minisign was also vulnerable in the gpg.fail exposures | ||||||||
| ||||||||