Till Maas venit, vidit, dixit 04.09.2017 18:24: > On Mon, Sep 04, 2017 at 08:56:31AM +0200, Remi Collet wrote: > >> gnupg v2 is a nightmare for "server", I maintain some PHP extensions and >> libraries which works perfectly against v1, and not against v2 > > Would it be ok for you to patch the libraries to use /usr/bin/gpg1 > instead? > >> And, AFAIK, v1 is still maintained. > > It is on life-support but not properly maintained. GPG2 uses a better > file format for private keys that GPG1 does not understand. Therefore > GPG2 allows for example to merge GPG subkeys for private keys. If one > relies on GPG2. Also the GPG agent for GPG2 seems to be better than the > GPG1 agent. AFAIK there is no benefit for anyone to still use GPG1 over > GPG2 except for not updating code now. For me it only causes problems > when I accidentally use GPG1 instead of GPG2 because the gpg command > points to GPG1. Also I remember that there might be issues with GPG > signing GIT commits since it defaults to using the gpg command instead > of using the gpg2 command. It uses gpg if present, and gpg2 if gpg is not present; also gpg.program can be set in global config to force a specific program. Note that Git uses "gpg" in a way that works with both versions (as far as the commandline is concerned). So, the only problem for Git is when gpg(1) is installed along with gpg2 and users expect Git to "magically" use gpg2 when they prefer that (key store, agent set-up). > Eventually GPG1 will die anyhow. Also the default library gpgme supports > GPG2 correctly and it would be better for code to use GPG via gpgme > instead of writing own wrappers as an extension/library anyhow IMHO. > > Kind regards > Till > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
