1. 28

  2. 5

    I am very grateful for projects like Sequoia, RNP and all the OpenPGP implementations that have emerged in the last year. IMHO the perceived monopoly of GnuPG is worrisome considering the OpenPGP ecosystem: the linked LWN article points out only some issues of GnuPG, like its interwoven codebase that has not been developed with unit tests from the beginning. Those are typically red flags when it comes to security-related software.

    Full disclosure: I could be, possibly rightfully, criticized as a Sequoia fanboy, given that this is my second comment like this in a row. The other comment is in the articles about the new Thunderbird version using RNP for OpenPGP.

    1. 3

      The trouble with GnuPG wasn’t primarily the C part. It’s that OpenPGP is like those comedy Swiss Army knives. You open one blade and it’s an umbrella, the next one is a neck massager, the next a rabbit and so on.

      It doesn’t even attempt to do many things badly: it does nebulous things, badly, back from the times in the 90s when people thought encryption was a far less diverse thing than it really is.

      Email encryption? Just forget it. Signing software packages? signify. Backups? Borgbackup. Secure comms? Signal. Encrypt files? age.