GnuPG – post-quantum crypto landing in mainline

TLDR

  • GnuPG 2.5.19 ships Kyber (ML-KEM / FIPS-203) as its first post-quantum encryption algorithm; the 2.4.x series reaches EOL in two months.

Key Takeaways

  • GnuPG 2.5 series adds ML-KEM (Kyber, standardized as FIPS-203) as a PQC encryption option alongside existing OpenPGP algorithms.
  • The 2.4 stable branch reaches end-of-life roughly two months from release, making 2.5 the upgrade path for anyone needing long-term support.
  • 2.5.x also targets 64-bit Windows improvements, so the PQC work lands alongside a platform modernization push.
  • ML-KEM is NIST-standardized, reducing the risk profile compared to earlier experimental PQC integrations.

Hacker News Comment Review

  • The single substantive comment clarifies that 2.5 is the designated series for both the 64-bit Windows overhaul and the introduction of Kyber, not a separate experimental branch.
  • The EOL timeline for 2.4 adds urgency: operators relying on GnuPG for email, package signing, or secrets management have a narrow window to validate 2.5 compatibility.
