gpg 1.4
Jakob Bohm
jb-gnumlists at wisemo.com
Thu Jan 15 07:10:27 CET 2026
On 15/01/2026 06:54, Marco Moock via Gnupg-users wrote:
> On 14.01.2026 11:05 "List O'Rama via Gnupg-users"
> <gnupg-users at gnupg.org> wrote:
>
>> *Our position is that the general-purpose operating system is
>> fundamentally inadequate for trusted operations. One can have
>> a general-purpose system or a trusted system, but one cannot
>> get both in a single package.*
> Please let us know why gpg2 is a problem on an air-gaped system and why
> gpg1 isn't.
>
> Trust comes by verifying what code runs on the machines, not by setting
> it up and not updating it.
>
I don't know what List O'Rama is thinking of, but gnupg 2.x is clearly and
obviously bloated, with even the most basic operation invoking multiple extra
executables, some of which want to continue running in the background.
Similarly the output is neither suited for humans nor machines to reliably
parse, often outputting phrases that don't apply to the action taken or its
result, leading to such abomitations as the status-fd socket.
In contrast, gnupg 1.x was a single executable that did the requested
operation within the confines of a single run of a single process except
where needed for potentially dangerous tasks such as JPEG decompression of
untrusted data and/or talking to graphical display systems.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the Gnupg-users
mailing list