Transitioning to GnuPG 2.1 within Debian
This is currently brainstorming, not a hard plan.
Rationale: we should eventually move from GnuPG 1.4.x to the modern version of GnuPG (2.1 branch) as the default in Debian. This should provide our users with Elliptic curve crypto, a proper cryptographic agent, better-indexed keybox format, and daemonized keyserver support (which copes better with transient pool outages).
Several different possible approaches (these could be combined):
- make gnupg packages provide /usr/bin/gpg1 and gpgv1, etc, and point to them with /etc/alternatives
- make gnupg2 packages conflict with earlier versions of gnupg, and provide the alternatives themselves
- set the preferences such that gnupg2 is preferred
- the gnupg2 source package could take over the gnupg binary packages
- gnupg could start providing gnupg1 binary packages
introduce a metapackage that depends on gnupg2 | gnupg1
here are some things that the gnupg1 packaging currently provides that we ought to be providing in the gnupg2 packages:
udev rules for smartcards (see: GnuPG/CCID_Driver)
- udebs for d-i
- win32 gpgv
- How long will we need to support the 1.4 branch for?
- What risks does gnupg 2.1 have for the long term?
- is it OK to drop the 2.0.x branch entirely?
- What is the time frame for this change? (can we complete the transition in stretch?)