I was not in the loop of PGP developments for the past 3 years, so -just yesterday- while making a new config setup from scratch I discovered apparently incompatible (very opinionated) implementations of PGP, namely LibrePGP vs sequoia-pgp (among others).
Apparently GnuPG diverges from the OpenPGP standard and I am not into the topic enough to fully see through the BS from the justifications from either side, namely 1 2 3
Question: What are the implications for us users of PGP from this drama? In particular
- Is LibrePGP = GnuPG? What exact versions of GnuPG are relevant in the drama linked above?
- What implementation should i use if i want best coverage (so as little problems with conflicting versions as possible)? (-> How is the current distribution on people using GnuPG vs not GnuPG?)
- I want to use a GUI (i am used to kleopatra) as pure GPG is a “masochist’s dream” [4] and i can not bother myself to write wrapper scripts. As I understand, the Rust implementation does not have one, right?
- What is a sensible setup to have all this work with a sensible email client (willing to switch from thunderbird to ANY other solution if it can easily access the keystore in which the pgp keys are in)
