thepwagner
commented
1 year ago FWIW I've personally used https://github.com/ProtonMail/go-crypto/tree/main/openpgp and it works dandy - drop-in replacement and additional features.
I forget the details of my usage but golang.org/x/crypto was missing some signature format that Debian(?) used.
Voucher relies on golang.org/x/crypto/openpgp , which is deprecated.
We should replace the usage of that library, or remove PGP as a signing option.
Related