[Bug 2090995] [NEW] gnupg2 is not OpenPGP compliant

Julian Andres Klode 2090995 at bugs.launchpad.net
Wed Dec 4 10:47:24 UTC 2024 

Public bug reported:

[Impact]
GnuPG 2.4 defaults to generating keys that are incompatible with other OpenPGP implementations, following a schism in the OpenPGP community leading to GnuPG upstream to declare its own LibrePGP "standard".

We should revert these changes such that keys generated on 24.04 are
interoperable again.

[Test Plan]
TBD

[Where problems could occur]
Particularly concerning would be an inability to verify signatures from keys previously generated on 24.04; our test plan should ensure that a v5 key's signatures can still be verified after we switch back to v4 keys by default.

There are some unknowns in how users might have come to rely on some
v5-only features that are once again hidden behind an option, like the
ed448 keys.

** Affects: gnupg2 (Ubuntu)
     Importance: Undecided
         Status: Fix Committed

** Affects: gnupg2 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: gnupg2 (Ubuntu Oracular)
     Importance: Undecided
         Status: New

** Affects: gnupg2 (Ubuntu Plucky)
     Importance: Undecided
         Status: Fix Committed

** Also affects: gnupg2 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: gnupg2 (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: gnupg2 (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Changed in: gnupg2 (Ubuntu Plucky)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/2090995

Title:
  gnupg2 is not OpenPGP compliant

Status in gnupg2 package in Ubuntu:
  Fix Committed
Status in gnupg2 source package in Noble:
  New
Status in gnupg2 source package in Oracular:
  New
Status in gnupg2 source package in Plucky:
  Fix Committed

Bug description:
  [Impact]
  GnuPG 2.4 defaults to generating keys that are incompatible with other OpenPGP implementations, following a schism in the OpenPGP community leading to GnuPG upstream to declare its own LibrePGP "standard".

  We should revert these changes such that keys generated on 24.04 are
  interoperable again.

  [Test Plan]
  TBD

  [Where problems could occur]
  Particularly concerning would be an inability to verify signatures from keys previously generated on 24.04; our test plan should ensure that a v5 key's signatures can still be verified after we switch back to v4 keys by default.

  There are some unknowns in how users might have come to rely on some
  v5-only features that are once again hidden behind an option, like the
  ed448 keys.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2090995/+subscriptions

More information about the foundations-bugs mailing list