Hi All,
I was looking at GnuPG and it seemed very old to me. Then I realised it was on the Classic Branch 1.4. Reading about this branch, it is still getting security updates (last in 2018) but its purpose is said to be to support people who have archives of documents, messages, etc that are signed by old PGP keys that are no longer supported in the Modern Branch 2.x.. Hence 1.4 is required to be able to decrypt them.
Is IPFire using the 1.4 Branch because there is some historic requirement for the older insecure keys.
If yes, or there is some other reason that means IPFire should stay on 1.4 then I will leave GnuPG alone.
If no then I would have a go at updating GnuPG to the 2.2 Branch that is current.
I will wait to hear your feedback on this before doing anything.
Regards,
Adolf.