@netzschleuder@social.skewed.depgp_strong: PGP web of trust (2009)
Strongly connected component of the Pretty-Good-Privacy (PGP) web of trust among users, circa November 2009.
This network has 39796 nodes and 301498 edges.
Tags: Social, Online, Unweighted
https://networks.skewed.de/net/pgp_strong
@netzschleuder@social.skewed.depgp_strong: PGP web of trust (2009)
Strongly connected component of the Pretty-Good-Privacy (PGP) web of trust among users, circa November 2009.
This network has 39796 nodes and 301498 edges.
Tags: Social, Online, Unweighted
https://networks.skewed.de/net/pgp_strong
@mgorny@social.treehouse.systemsSequoia PGP exemplifies everything that's wrong about #RustLang (don't mean this against Sequoia). It features a bunch of different CLIs, which is a reasonable design.
If Sequoia were written in C, these CLIs would probably be using some shared library. If Sequoia were written in Python, they would probably use a shared Python package. However, it's written in Rust, so every CLI is a huge binary with its own copy of subset of shared Sequoia code, built separately:
-rwxr-xr-x 1 root root 12M 10-08 06:36 /usr/bin/gpg-sq
-rwxr-xr-x 1 root root 4,7M 10-08 06:36 /usr/bin/gpgv-sq
-rwxr-xr-x 1 root root 21M 10-08 08:38 /usr/bin/sq
-rwxr-xr-x 1 root root 6,9M 10-08 08:38 /usr/bin/sqop
-rwxr-xr-x 1 root root 3,1M 10-08 08:32 /usr/bin/sqv
@mgorny@pol.social @mgorny@pol.socialSequoia PGP ukazuje wszystko to, co jest nie tak z #RustLang (nie czepiam się tu projektu Sequoia). Mamy kilka różnych binarek CLI, co ma sens.
Gdyby Sequoia była napisana w C, to najpewnie używałyby jakiejś biblioteki współdzielonej. Gdyby napisała była w Pythonie, to najpewniej mielibyśmy wspólną paczkę Pythona. Ale napisano ją w Ruście, więc każdy interfejs to odrębna, wielka binarka z włas…
@midtsveen@social.linux.pizza @netzschleuder@social.skewed.depgp_strong: PGP web of trust (2009)
Strongly connected component of the Pretty-Good-Privacy (PGP) web of trust among users, circa November 2009.
This network has 39796 nodes and 301498 edges.
Tags: Social, Online, Unweighted
https://networks.skewed.de/net/pgp_strong
@qbi@freie-re.de @netzschleuder@social.skewed.depgp_strong: PGP web of trust (2009)
Strongly connected component of the Pretty-Good-Privacy (PGP) web of trust among users, circa November 2009.
This network has 39796 nodes and 301498 edges.
Tags: Social, Online, Unweighted
https://networks.skewed.de/net/pgp_strong
@mgorny@social.treehouse.systemsLet's be honest. I've been a strong supporter of #OpenPGP (or #PGP in general) for a long time. And I still can't think of any real alternative that exists right now. And I kept believing it's not "that hard" — but it doesn't seem like it's getting any easier. The big problem with standards like that are tools.
#WebOfTrust is hard, and impractical for a lot of people. It doesn't really help how many tools implement trust. I mean, I sometimes receive encrypted mail via #EvolutionMail — and Evolution makes it really hard for me to reply encrypted without permanently trusting the sender!
The whole SKS keyserver mess doesn't help PGP at all. Nowadays finding someone's key is often hard. If you're lucky, WKD will work. If you're not, you're up for searching a bunch of keyservers, GitHub, or perhaps random websites. And it definitely doesn't help that some of these may hold expired keys, with people uploading their new key only to a subset of them or forgetting to do it.
On top of that, we have interoperability issues. Definitely doesn't speak well when GnuPG can't import keys from popular keyservers over lack of UIDs. And that's just the tip of the iceberg.
Now with diverging OpenPGP standards around the corner, we're a step ahead from true interoperability problems. Just imagine convincing someone to use OpenPGP, only to tell them afterwards that they've used non-portable tool / settings, and their key doesn't work for you.
That's really not how you advocate for #encryption.