Sequoia-PGP (gpg replacement) - OpenPGP

Patrick · June 4, 2023, 10:39am

Patrick · June 4, 2023, 10:47am

port Qubes Split GPG to Sequoia-PGP

opened 10:47AM - 04 Jun 23 UTC

T: enhancement P: default

### The problem you're addressing (if any) gpg has an ancient code base writt…en in a memory unsafe language. ### The solution you'd like Could you consider https://sequoia-pgp.org/ please? Available in Debian and fedora-38. * https://packages.debian.org/bullseye/sq * https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/ ### The value to a user, and who that user might be Increased security and perhaps even increased reliability, code simplification.

HulaHoop · June 4, 2023, 2:46pm

It’s an interesting project with backing of a trust worthy foundation, but with all due respect to the authors, I wouldn’t jump all in on it. GPG is just too critically important that you are better off sticking with the project that has more eyes on it and is constantly being developed. While buggy code can cause serious security risks, there isn’t much record of that being the case with GPG. The other thing is competence of crypto implementations. Despite there being certain standards GPG follows, there are many instances of GPG-isms where they diverge from IETF standards that are cumbersome or don’t make sense for them.

Patrick · June 5, 2023, 12:49pm

The RPM package manager was ported to Sequoia.