| GPG-PGP works well, has tooling on pretty much every platform, is a mature, well-established product. The complicated features are optional. Using something like age, with one reference implementation in Go, not supported by most languages, nor time-tested, is just asking for trouble, like surprise exploits or bitrot making your data unusable. I am perplexed by the frequency of "PGP/GPG is old, let's replace it with something new and untested" posts on HN... In software development, OLD is GOOD. (As a side note, I don't think Debian has been at the forefront of rational decisionmaking for a while, so I wouldn't watch them too closely.) |