Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article here.

As @anon123@lemmy.ml pointed out, the following issues about PGP are not specifically related to the Debian article I linked.

  • No authenticated encryption.
  • Receiving a signed message means nothing about who sent it to you.
  • Usability issues with GnuPG
  • Discoverability of public keys issue.
  • Bad integration with emails.
  • No forward secrecy.

There’s useful documentation about it:

  • TheAnonymouseJoker@lemmy.ml
    4 years ago

    It is a major reason, considering the kind of menacing push they tried with the open letter, being one of the leading organisations behind trying the cancel culture on RMS and all of his GNU projects.

    You can look at the open letter and the RMS support letter, both will have some Debian devs, so this is a matter of nuances what you are trying to say here.