Page MenuHome GnuPG

Updated 2,600 Days AgoPublic



  • "I would donate if they prioritise post quantum signing in GPG. Then it will still be useful for long term code/binary signing. An algorithm from DJB or Lange is probably a safe bet." (Hx3rw7oB1rXla91G)


  • "From a businesss perspective, they need a pivot. They need some commercial product or commercial license for business use cases." (prozacgod)
  • "the GPG manual only tells you how to use it, not what your goals might be and what you need to do to accomplish them securely." (luke-jr)
  • "Manually managing keyrings is brutally painful and buggy. It's designed to be used in exactly it's way. Despite seeming very command line oriented you're actually quite limited in what you can do when it comes to multiple keyrings (and not using a default user keyring). It's just irritating software to use." (Likely_not_Eric)

Heise online

  • "Jedenfalls würde ich mit Freude etwas Spenden wenn die Mittel dazu verwendet würden GPG zu vereinfachen und unnötige oder sogar gefährliche Funktionalitäten wie die eingebetteten Dateinamen wieder zu entfernen oder zumindest nicht mehr per Default zu benutzen." (die kleine Himbeere)
  • "immer stärker überbordende Komplexität und seine umständliche Bedienung aus der Kommandozeile", "anstatt die man-Page zu verbessern, wollen sie jetzt ein Buch heraus bringen? [...] Mir wäre eine drastische Abspeckung von GnuPG, und auch seiner man-Page jedenfalls deutlich lieber.", "Zu viele Optionen, und einige davon (wie --no-use-embedded-filename) sind eigentlich nicht wirklich optional sondern vielmehr nötig um Sicherheitslecks zu vermeiden." (die kleine Himbeere)


  • "I'll happily fund however much it will take to get them to religiously follow SemVer. Because there are soooo many breaking changes in patch releases that it's nearly impossible to keep our automation pipeline around gpg2 working consistently." (im_down_w_otp)
  • "I hope they spend some of that money on the keyservers, they seem to be down every time I want to grab some gpg keys." (RX14)
  • "Useful spending of that money would be UX issues, making the horror that is using this stuff bearable. Usability is atrocious and if you do not use it all the time you have to google the simplest things (for which the results are mostly outdated or wrong or bad practice so you have to be careful with which explanation you follow) which the software itself could explain to you." (waldfee)


  • "One day I hope to see a source code review for GNuPG similar to Veracrypt."
  • "I use gpg mainly for encrypting files tracked in a Git repository. I'm more interested in CLI / core improvements that integration with various mailers / keys etc."
  • "Looking forward to the book!"
Last Author
Last Edited
Jun 9 2017, 4:53 PM

Event Timeline

marcus edited the content of this document. (Show Details)
marcus edited the content of this document. (Show Details)
marcus edited the content of this document. (Show Details)
werner changed the edit policy from "All Users" to "Administrators".Jan 4 2022, 2:42 PM