gnupg2 (2.4.7-4) experimental; urgency=medium

  The upstream GnuPG project now explicitly and deliberately diverges from
  the OpenPGP standard.  Debian's own workflows rely heavily on OpenPGP,
  and we ship several different OpenPGP implementations, so
  interoperability via standardization is a priority for the project.

  While Debian still has significant dependencies on GnuPG, the version of
  GnuPG shipped in Debian will default to emitting only OpenPGP-compatible
  artifacts if at all possible.  As of 2.4.7-4, the default
  is --compliance=openpgp, and we apply several patches to ensure that
  this mode is respected.

  If you observe GnuPG in Debian emitting a non-OpenPGP artifact in a
  scenario where a standard OpenPGP artifact is intended or expected,
  please open a critical bug report in the Debian BTS.

  If you want Debian's GnuPG to emit non-standardized artifacts, in line
  with upstream's deliberate divergence, you can explicitly pass
  --compliance=gnupg (or set the corresponding option in
  ~/.gnupg/gpg.conf).  If you revert to compliance with upstream defaults,
  do not expect the material you produce to be interoperable with other
  OpenPGP implementations.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 07 Feb 2025 23:35:29 -0500

gnupg2 (2.2.27-2) unstable; urgency=medium

  Starting with version 2.2.27-1, per-user configuration of the GnuPG
  suite has completely moved to ~/.gnupg/gpg.conf, and ~/.gnupg/options
  is no longer in use.  Please rename the file if necessary, or move
  its contents to the new location.

 -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Thu, 22 Apr 2021 20:37:45 +0200

gnupg2 (2.2.17-1) unstable; urgency=medium

  Upstream GnuPG now defaults to not accepting third-party certifications
  from the keyserver network.  Given that the SKS keyserver network is
  under attack via certificate flooding, and third-party certifications
  will not be accepted anyway, we now ship with the more tightly-constrained
  and abuse-resistant system hkps://keys.openpgp.org as the default
  keyserver.

  Users with bandwidth to spare who want to try their luck with the SKS
  pool should add the following line to ~/.gnupg/dirmngr.conf to revert to
  upstream's default keyserver:

      keyserver hkps://hkps.pool.sks-keyservers.net

  See the 2.2.17 section in the upstream NEWS file at
  /usr/share/doc/gnupg/NEWS.gz for more information about fully
  reverting to the old, risky behavior.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 11 Jul 2019 22:12:07 -0400

gnupg2 (2.1.11-7+exp1) experimental; urgency=medium

  The gnupg package now provides the "modern" version of GnuPG.

  Please read /usr/share/doc/gnupg/README.Debian for details about the
  transition from "classic" to "modern"

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 30 Mar 2016 09:59:35 -0400