Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6445

Why Do Developers Continue to Sign with GNUPG

From fosres@posteo.de
Newsgroups linux.debian.security
Subject Why Do Developers Continue to Sign with GNUPG
Date 2025-08-10 17:00 +0200
Message-ID <LifGF-6wN7-3@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

Hello Debian Security Team,

Since Debian is a major Linux distribution I want to ask why

software developers continue to digitally sign their code an

software packages with GNUPG when there are simpler alternatives

such as minisign (https://jedisct1.github.io/minisign/), signify, or age 
(https://github.com/FiloSottile/age).

PGP has been criticized for its being difficult to use by other

cryptographers:

https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/

I thank all responses in advance!

Best,

Tanveer Salim

Back to linux.debian.security | Previous | NextNext in thread | Find similar

Thread

Why Do Developers Continue to Sign with GNUPG fosres@posteo.de - 2025-08-10 17:00 +0200
  Re: Why Do Developers Continue to Sign with GNUPG "Adam D. Barratt" <adam@adam-barratt.org.uk> - 2025-08-10 17:50 +0200
  Re: Why Do Developers Continue to Sign with GNUPG Jeremy Stanley <fungi@yuggoth.org> - 2025-08-10 20:30 +0200
    Re: Why Do Developers Continue to Sign with GNUPG Simon Josefsson <simon@josefsson.org> - 2025-08-12 00:10 +0200
  Re: Why Do Developers Continue to Sign with GNUPG Malte <ml@enteig.net> - 2025-08-10 20:40 +0200
  Re: Why Do Developers Continue to Sign with GNUPG Gunnar Wolf <gwolf@debian.org> - 2025-08-11 07:00 +0200

csiph-web