gnupg2 (2.4.7-15) unstable; urgency=medium
GnuPG 2.4 will not automatically fallback to the PC/SC driver for smartcard
access if direct access fails. Users using pcscd for hardware access will
need to explicitly disable the gnupg CCID driver. See --disable-ccid in
scdaemon.1 and #1102717
-- Andreas Metzler <ametzler@debian.org> Sun, 13 Apr 2025 13:50:29 +0200
gnupg2 (2.4.7-4) experimental; urgency=medium
The upstream GnuPG project now explicitly and deliberately diverges from
the OpenPGP standard. Debian's own workflows rely heavily on OpenPGP,
and we ship several different OpenPGP implementations, so
interoperability via standardization is a priority for the project.
While Debian still has significant dependencies on GnuPG, the version of
GnuPG shipped in Debian will default to emitting only OpenPGP-compatible
artifacts if at all possible. As of 2.4.7-4, the default
is --compliance=openpgp, and we apply several patches to ensure that
this mode is respected.
If you observe GnuPG in Debian emitting a non-OpenPGP artifact in a
scenario where a standard OpenPGP artifact is intended or expected,
please open a critical bug report in the Debian BTS.
If you want Debian's GnuPG to emit non-standardized artifacts, in line
with upstream's deliberate divergence, you can explicitly pass
--compliance=gnupg (or set the corresponding option in
~/.gnupg/gpg.conf). If you revert to compliance with upstream defaults,
do not expect the material you produce to be interoperable with other
OpenPGP implementations.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 07 Feb 2025 23:35:29 -0500
gnupg2 (2.2.27-2) unstable; urgency=medium
Starting with version 2.2.27-1, per-user configuration of the GnuPG
suite has completely moved to ~/.gnupg/gpg.conf, and ~/.gnupg/options
is no longer in use. Please rename the file if necessary, or move
its contents to the new location.
-- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Thu, 22 Apr 2021 20:37:45 +0200
gnupg2 (2.2.17-1) unstable; urgency=medium
Upstream GnuPG now defaults to not accepting third-party certifications
from the keyserver network. Given that the SKS keyserver network is
under attack via certificate flooding, and third-party certifications
will not be accepted anyway, we now ship with the more tightly-constrained
and abuse-resistant system hkps://keys.openpgp.org as the default
keyserver.
Users with bandwidth to spare who want to try their luck with the SKS
pool should add the following line to ~/.gnupg/dirmngr.conf to revert to
upstream's default keyserver:
keyserver hkps://hkps.pool.sks-keyservers.net
See the 2.2.17 section in the upstream NEWS file at
/usr/share/doc/gnupg/NEWS.gz for more information about fully
reverting to the old, risky behavior.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Jul 2019 22:12:07 -0400
Generated by dwww version 1.16 on Tue Dec 16 06:39:07 CET 2025.