Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article here.

As @anon123@lemmy.ml pointed out, the following issues with PGP are not specifically related to the Debian article I linked.

  • No authenticated encryption.
  • Receiving a signed message means nothing about who sent it to you.
  • Usability issues with GnuPG.
  • Discoverability of public keys issue.
  • Bad integration with email.
  • No forward secrecy.

There’s useful documentation about it:
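As an added illustration of the second bullet above (this is not code from the thread's author, from the Debian article, or from GnuPG): a dependency-free Ed25519 implementation in Python, in the style of the reference implementation, used to show that a valid detached signature tells the recipient who wrote the message, not that the message was meant for them, and the usual mitigation of naming the intended recipient inside the signed bytes. Ed25519 hashes the seed and the message with SHA-512 internally. The seed, the recipient names and the messages are constructed test values; `forwarded_signature_still_verifies`, `recipient_bound_message` and `check_addressed_to` are hypothetical helper names.

```python
"""Ed25519 sign/verify in pure Python (affine arithmetic, slow but
dependency-free), plus a demonstration that a signature authenticates
the author and not the intended recipient.  Added example, not Debian's
or GnuPG's code."""
import hashlib

Q = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # group order
D = (-121665 * pow(121666, Q - 2, Q)) % Q              # curve constant d
I = pow(2, (Q - 1) // 4, Q)                            # sqrt(-1) mod Q


def _inv(x):
    return pow(x, Q - 2, Q)


def _xrecover(y):
    """Recover the even x coordinate for a given y (RFC 8032 decoding)."""
    xx = (y * y - 1) * _inv(D * y * y + 1)
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q:
        x = (x * I) % Q
    return Q - x if x & 1 else x


BASE_Y = 4 * _inv(5) % Q
BASE = [_xrecover(BASE_Y), BASE_Y]                     # standard base point


def _add(P, R):
    x1, y1 = P
    x2, y2 = R
    t = D * x1 * x2 * y1 * y2
    return [((x1 * y2 + x2 * y1) * _inv(1 + t)) % Q,
            ((y1 * y2 + x1 * x2) * _inv(1 - t)) % Q]


def _mul(P, e):
    """Double-and-add scalar multiplication; [0, 1] is the neutral element."""
    R = [0, 1]
    while e:
        if e & 1:
            R = _add(R, P)
        P = _add(P, P)
        e >>= 1
    return R


def _enc_point(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def _dec_point(s):
    n = int.from_bytes(s, "little")
    y = n & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (n >> 255):
        x = Q - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % Q:
        raise ValueError("point not on curve")
    return [x, y]


def _secret_scalar(seed):
    h = hashlib.sha512(seed).digest()          # seed is expanded with SHA-512
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8                        # clamp: clear bits 0-2, 254, 255
    a |= 1 << 254                              # then set bit 254
    return a, h[32:]                           # scalar, nonce prefix


def public_key(seed):
    a, _ = _secret_scalar(seed)
    return _enc_point(_mul(BASE, a))


def sign(seed, msg):
    a, prefix = _secret_scalar(seed)
    pk = public_key(seed)
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L
    R = _enc_point(_mul(BASE, r))
    k = int.from_bytes(hashlib.sha512(R + pk + msg).digest(), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")


def verify(pk, msg, sig):
    """True iff sig is a valid Ed25519 signature by pk over msg."""
    try:
        if len(sig) != 64 or len(pk) != 32:
            return False
        R, A = _dec_point(sig[:32]), _dec_point(pk)
        S = int.from_bytes(sig[32:], "little")
        if S >= L:
            return False
        k = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little") % L
        return _mul(BASE, S) == _add(R, _mul(A, k))
    except ValueError:
        return False


def forwarded_signature_still_verifies():
    """Alice signs a note for Bob; Bob forwards it to Carol.  Carol's check
    passes although Alice never addressed her: the signature proves who
    wrote the note, not who it was for."""
    alice_seed = bytes(range(32))              # constructed test seed, not a real key
    note = b"Your request is approved, go ahead."
    sig = sign(alice_seed, note)               # Alice -> Bob
    return verify(public_key(alice_seed), note, sig)   # Carol's verification: True


def recipient_bound_message(seed, recipient, body):
    """Mitigation: put the intended recipient inside the signed bytes."""
    msg = b"to:" + recipient + b"\n" + body
    return msg, sign(seed, msg)


def check_addressed_to(pk, me, msg, sig):
    return msg.startswith(b"to:" + me + b"\n") and verify(pk, msg, sig)
```

The forwarding check passes for Carol because nothing in a bare signature names a recipient; the second pair of helpers shows the fix of signing the recipient identity along with the body, so a forwarded copy fails the addressed-to check while still being a valid signature over its own bytes.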

  • @anon123@lemmy.ml
    33 years ago

    Are you saying that they are removing GPG from debian apt due to GPG being a GNU project? Do you have any reason to believe that this is the case?

    It sounds especially weird because the GPG maintainer, Werner Koch, is a member of the GNU assembly (see https://gnu.tools/en/people/) and he also signed the old anti-Stallman open letter at https://guix.gnu.org/blog/2019/joint-statement-on-the-gnu-project/ so I really doubt that this is related to any anti-GNU policy.

    • @TheAnonymouseJoker@lemmy.mlM
      23 years ago

      It is a major reason, considering the kind of menacing push they tried with the open letter, being one of the leading organisations behind trying the cancel culture on RMS and all of his GNU projects.

      You can look at the open letter and the RMS support letter; both will have some Debian devs, so what you are trying to say here is a matter of nuance.