Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article here.

As @anon123@lemmy.ml pointed out, the following issues about PGP are not specifically related to Debian article I linked.

  • No authenticated encryption.
  • Receiving a signed message means nothing about who sent it to you
  • Usability issues with GnuPG
  • Discoverability of public keys issue.
  • Bad integration with emails.
  • No forward secrecy.

There’s usuful documentation about it: