1 |
On Sat, Feb 23, 2019 at 2:46 AM Michał Górny <mgorny@g.o> wrote: |
2 |
|
3 |
> On Tue, 2019-02-19 at 15:16 -0500, Rich Freeman wrote: |
4 |
> > Also, as far as I'm aware GLEP 63 does not require an encryption key |
5 |
> > at all, just a signing key. I'm not sure if such signing-keys will be |
6 |
> > signed by Gentoo under this proposal. If not then there is nothing to |
7 |
> > upload to the keyserver, and in any case it seems like the main use |
8 |
> > case of this (sending encrypted email) would not apply. Of course it |
9 |
> > could still be used for verifying email signatures if we sign |
10 |
> > signing-only keys. |
11 |
> |
12 |
> If someone really believes it's fine to have no encryption subkey just |
13 |
> because the GLEP doesn't require one explicitly... It either means that |
14 |
> person is seriously lacking the technical competence, or is a horrible |
15 |
> troll. In either case, I don't believe such a person should be a Gentoo |
16 |
> developer. |
17 |
> |
18 |
|
19 |
- Why does setting up GPG to receive encrypted messages imply technical |
20 |
competence? |
21 |
|
22 |
- As rich noted, most people have no idea how GPG works and they just do |
23 |
whatever they are instructed to do. I don't think a lack of knowledge of |
24 |
GPG indicates "being a troll" nor "lack of technical competence." Its a |
25 |
terribly designed piece of software from a usability perspective. I |
26 |
understand its a complex space (as many security domains are) but I'm not |
27 |
sure the right way to proceed is to force everyone to learn the inner |
28 |
workings of the space. The goal should be to create a system where users |
29 |
don't have to know all the details but still get a good security value. |
30 |
|
31 |
-A |
32 |
|
33 |
|
34 |
> |
35 |
> -- |
36 |
> Best regards, |
37 |
> Michał Górny |
38 |
> |