Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article here.
As @anon123@lemmy.ml pointed out, the following issues about PGP are not specifically related to the Debian article I linked.
- No authenticated encryption.
- Receiving a signed message means nothing about who sent it to you.
- Usability issues with GnuPG
- Discoverability of public keys issue.
- Bad integration with emails.
- No forward secrecy.
There’s useful documentation about it:
I do not think so, and even on Reddit, r/opsec is very vague. For this reason, I have a guide for it https://lemmy.ml/post/34223 and have been trying to bring a change in the privacy community and in the culture to make it a pro-libre and pro-privacy culture via r/privatelife and c/privatelife.
I have helped a lot of people successfully, and continue to try and help communities and individuals in the hope of a changed future.