-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replacement plans for x/crypto/openpgp ? #58
Comments
There seems to be 2 paths forward here. Replacing the PGP library or replacing/deprecating PGP functionality. The later probably will not be the case in the immediate timeline, since there are still use cases around it. The issue seems to indicate that there are forks of this which different groups maintain, but will only get trickle down security patches. I am not familiar with either of the recommended repos. If there's a clear winner among these options, I think it would make sense to choose one, if not, I think we can leave it to the user to choose which one they want with the go.mod replace directive. Do you have any thoughts on these libraries? |
Speaking with Podman in mind, we do depend indirectly on I'll defer to @mtrmac . /cc @vrothberg @rhatdan |
I don't think we will need new or more openpgp functionality and for as long as x/crypto/openpgp exists, we can just keep using. |
I came across golang/go#44226 saying openpgp is marked frozen and deprecated, except for security fixes. Just curious if there are plans to replace it in this repo.
The text was updated successfully, but these errors were encountered: