Any guidance for gnupg-2.0 -> gnupg-2.1 (archived encrypted email)?
David Wolfskill
david at catwhisker.org
Sun May 24 18:13:24 UTC 2015
For the most part, I am fairly aggressive about ensuring that the
FreeBSD systems I use day-to-day are running a recent STABLE snapshot,
and that installed ports are also out-of-date by no more than a week.
Last November, I encountered a reason to deviate from that: When
security/gnupg became gnupg-2.1, I found that gnupg-2.1 was unable to
decrypt some (well, any, in my experience) archived encrypted email
messages.
For me, that is a show-stopper; I was relieved to find that I could
switch to security/gnupg20 and restore the previous functionality.
(Thank you, kuriyama@, for keeping security/gnupg20 available!)
For most purposes, this fallback works OK. But there are a couple of
issues:
* I'm relying on code that isn't being maintained. And at some point,
it won't work any more. Or I'll find that I "need" to run the new(er)
version for some other reason.
* There exists at least one port that I have installed
(emulators/pipelight) that is constructed in such a way that it
requires security/gnupg -- though as far as I can tell,
security/gnupg20 would satisfy the actual requirement for a
functioning ${LOCALBASE}/bin/gpg2:

    g1-254(10.1-S)[1] pkg which /usr/local/bin/gpg2
    /usr/local/bin/gpg2 was installed by package gnupg20-2.0.27
    g1-254(10.1-S)[2] pkg info -o gnupg20-2.0.27
    gnupg20-2.0.27 security/gnupg20

-- I'd submit a PR w/patch if I had a clue how to get pipelight
& portmaster to just use the already-installed executable.
For the latter issue, my current (ugly!) evasive maneuver is to run:

    portmaster -o security/gnupg `pkg info gnupg\*`

before updating emulators/pipelight, and:

    portmaster -o security/gnupg20 `pkg info gnupg\*`

afterward. This isn't the sort of thing I'd care to hold up as
an exemplar of the FreeBSD experience. :-}
I waited for a while, in the hope that the folks at gnupg.org would
realize the magnitude of the issue and address it, with at least
some sort of guide for those who found themselves in such a position
-- I expect that there are more than just a few others who are in
a similar state of having encrypted archived data that gnupg-2.1
will not decrypt -- but reading things like
<https://www.gnupg.org/faq/whats-new-in-2.1.html>, and particularly
<https://www.gnupg.org/faq/whats-new-in-2.1.html#nopgp2>, left me
a bit discouraged on that front.
So I came to freebsd-ports@, where I'm hoping that there are some
clueful folks who are also a bit more, shall we say, sensitive to things
like "POLA" and "backwards compatibility" -- as well as history -- to
ask if anyone else has figured out a better way to cope, or found a
write-up of same (and would be willing to share).
FWIW, the bulk of the encrypted data I have archived is email messages;
usually, these are also signed. And some were written by other folks,
and I'd like to preserve both my ability to read the messages and the
evidence that they were signed by their authors.
Thanks in advance; I'm happy to summarize private responses.
Peace,
david
--
David H. Wolfskill david at catwhisker.org
Those who murder in the name of God or prophet are blasphemous cowards.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.