Transitioning to GnuPG 2.1 within Debian

This is currently brainstorming, not a hard plan.

Rationale: we should eventually move from GnuPG 1.4.x to the modern version of GnuPG (2.1 branch) as the default in Debian. This should provide our users with Elliptic curve crypto, a proper cryptographic agent, better-indexed keybox format, and daemonized keyserver support (which copes better with transient pool outages).

Several different possible approaches (these could be combined):


hard cutover


introduce a metapackage that depends on gnupg2 | gnupg1


here are some things that the gnupg1 packaging currently provides that we ought to be providing in the gnupg2 packages:

Open Questions