| 1 |
On Sat, Feb 23, 2019 at 2:46 AM Michał Górny <mgorny@g.o> wrote: |
| 2 |
|
| 3 |
> On Tue, 2019-02-19 at 15:16 -0500, Rich Freeman wrote: |
| 4 |
> > Also, as far as I'm aware GLEP 63 does not require an encryption key |
| 5 |
> > at all, just a signing key. I'm not sure if such signing-keys will be |
| 6 |
> > signed by Gentoo under this proposal. If not then there is nothing to |
| 7 |
> > upload to the keyserver, and in any case it seems like the main use |
| 8 |
> > case of this (sending encrypted email) would not apply. Of course it |
| 9 |
> > could still be used for verifying email signatures if we sign |
| 10 |
> > signing-only keys. |
| 11 |
> |
| 12 |
> If someone really believes it's fine to have no encryption subkey just |
| 13 |
> because the GLEP doesn't require one explicitly... It either means that |
| 14 |
> person is seriously lacking the technical competence, or is a horrible |
| 15 |
> troll. In either case, I don't believe such a person should be a Gentoo |
| 16 |
> developer. |
| 17 |
> |
| 18 |
|
| 19 |
- Why does setting up GPG to receive encrypted messages imply technical |
| 20 |
competence? |
| 21 |
|
| 22 |
- As rich noted, most people have no idea how GPG works and they just do |
| 23 |
whatever they are instructed to do. I don't think a lack of knowledge of |
| 24 |
GPG indicates "being a troll" nor "lack of technical competence." Its a |
| 25 |
terribly designed piece of software from a usability perspective. I |
| 26 |
understand its a complex space (as many security domains are) but I'm not |
| 27 |
sure the right way to proceed is to force everyone to learn the inner |
| 28 |
workings of the space. The goal should be to create a system where users |
| 29 |
don't have to know all the details but still get a good security value. |
| 30 |
|
| 31 |
-A |
| 32 |
|
| 33 |
|
| 34 |
> |
| 35 |
> -- |
| 36 |
> Best regards, |
| 37 |
> Michał Górny |
| 38 |
> |
Archives