yossarian (1.3.6.1.4.1.55738)May 21, 2023

PGP signatures on PyPI: worse than useless

https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless

#programming #devblog #cryptography #rant #python #xp

PGP signatures on PyPI: worse than useless

Show threadGregory P. Smith (he/him)  πŸš²πŸ¦ May 21, 2023

@yossarian
PGP signatures: worse than useless.

There, I fixed it for you.

As tools GPG (and PGP) are simply unusable by anyone but fastidious zealot pedants. And thus always used wrong.

@glyph

Show threadKushal Das   πŸ‡ΈπŸ‡ͺMay 21, 2023
@gpshead @yossarian @glyph I still have hope to fix the usability of tools/services in future. I know most of my friends totally lost all hope :)
Show threadGlyphMay 21, 2023
@kushal @gpshead @yossarian the world needs more good signing and security tools, but the sooner you abandon GPG (and OpenPGP more broadly) the sooner you can start building those ;-). There's really nothing worth salvaging here.
Show threadKushal Das   πŸ‡ΈπŸ‡ͺMay 21, 2023

@glyph @gpshead @yossarian I beg to differ on that point. @[email protected] & I are building https://tumpa.rocks/

Here is an example where we can have better UX focused tools in the #OpenPGP land.

Tumpa

Tumpa is a usability-minded OpenPGP desktop application that makes key management and smartcard controls easy and usable for everyone.

Show threadGlyph
@kushal @gpshead @yossarian @saptaks agree to disagree, I guess.
May 21, 2023 at 7:20pmWeb