by hasteur 3302 days ago
I understand the need to fund things, but could someone illuminate for an end consumer of the software what requires 15k euros a month of development for GnuPG? Yes, new ciphers/PRNGs/hashes come online, but it doesn't seem to be moving as quickly as other internet infrastructure products (GnuTLS, X.org, SSL, NTPD).

It seems like things that were sponsored by major organizations because they saw the good in having their name associated with a product or service in favor of getting the "internet at large" to pay for things that have become ingrained as "But it's free so why should we pay for it?"


Useful spending of that money would be UX issues, making the horror that is using this stuff bearable.

Usability is atrocious, and if you do not use it all the time you have to google the simplest things (for which the results are mostly outdated, wrong, or bad practice, so you have to be careful which explanation you follow), which the software itself could explain to you.

"Useful spending of that money would be UX issues, making the horror that is using this stuff bearable."

100%. Freeze all work on crypto except for fixes for new problems that show up. All the rest of the money goes to hiring a UX expert for a design that anyone can pick up for the common case, and then implementing it.

An alternative might just be to expose more of the underlying functionality via non-interactive interfaces, to encourage third-party/FOSS simplified interfaces for specific tasks.

Even trying to use a bash script to automate things is tricky because of gpg2's interactivity. I'm sure it was put there to improve usability, of course :) (which it does, in the interactive case).
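Added example, not code from this thread or from the GnuPG project: the non-interactive interfaces gpg already has for scripts are --batch/--no-tty (no prompts), --status-fd (a machine-readable account of what a verification decided) and --with-colons (machine-readable key listings). The two parsers below consume those formats; the sample transcripts are constructed to match the documented record layouts, with made-up key ids, fingerprints and user ids, so the script runs offline without calling gpg. The pinned fingerprint, sample names and the helper function names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread or the GnuPG project: driving gpg from a
# script via its machine-readable output instead of scraping the human text.
# All sample transcripts here are CONSTRUCTED (made-up keys); no real gpg runs.
set -eu

# The fingerprint we expect the signature to come from (assumed value). Pinning
# this matters: GOODSIG alone only says "some key in the keyring verified",
# which includes anything that was ever imported from a keyserver.
PINNED_FPR='0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed status-fd transcript for a good signature from the pinned key.
# The real command that writes this to stdout (human text goes to stderr):
#   gpg --batch --no-tty --status-fd 1 --verify file.sig file
SAMPLE_STATUS_GOOD='[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 0123456789ABCDEF0123456789ABCDEF01234567 0
[GNUPG:] SIG_ID AbCdEfGhIjKlMnOpQrStUvWxYz0 2023-01-01 1672531200
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2023-01-01 1672531200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE 0 pgp'

# Constructed transcript for a tampered file: same key, signature does not match.
SAMPLE_STATUS_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.invalid>'

# verification_result EXPECTED_FPR   (status lines on stdin)
# Prints "ok" and returns 0 only when there is a GOODSIG, a VALIDSIG whose
# signing-key fingerprint (field 3) equals EXPECTED_FPR, and no failure record
# at all. Anything else prints "fail" and returns 1. Failure records are
# checked explicitly rather than just grepping GOODSIG, because a file with
# several signatures can carry one good and one bad one in the same transcript.
verification_result() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }                       # ignore non-status lines
    $2 == "GOODSIG"  { good = 1 }
    $2 == "VALIDSIG" && $3 == want { pinned = 1 }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
    END {
      if (good && pinned && !bad) { print "ok"; exit 0 }
      print "fail"; exit 1
    }'
}

# Constructed --with-colons listing: one primary key with one encryption subkey.
# The real command:  gpg --batch --with-colons --list-keys
# Field 1 is the record type; for fpr records field 10 is the fingerprint,
# for uid records field 10 is the user id.
SAMPLE_COLONS='tru::1:1672531200:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1672531200:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1672531200::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Example Signer <signer@example.invalid>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1672531200::::::e::::::23:
fpr:::::::::76543210FEDCBA9876543210FEDCBA9876543210:'

# primary_fingerprints   (colon listing on stdin)
# Prints one primary-key fingerprint per line and skips subkey fingerprints:
# a primary key's fpr record is the one that directly follows its pub record.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { after_pub = 1; next }
    $1 == "fpr" && after_pub { print $10; after_pub = 0; next }
    { after_pub = 0 }'
}

# Stand-alone demo: run both constructed samples through the parsers.
printf '%s\n' "$SAMPLE_STATUS_GOOD" | verification_result "$PINNED_FPR"          # ok
printf '%s\n' "$SAMPLE_STATUS_BAD"  | verification_result "$PINNED_FPR" || true  # fail
printf '%s\n' "$SAMPLE_COLONS" | primary_fingerprints
```

For unattended decryption or signing the same approach applies: --batch together with --pinentry-mode loopback and --passphrase-fd keeps gpg from ever opening a prompt, and the exit decision is made on the status lines, not on the English messages.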

I'd generally agree. Although I think this is rather something the people behind Enigmail should figure out. The vast majority of gpg users will never interact with it over the terminal, probably.

You're right. Not only GnuPG but everything around it (mostly email clients) is in dire need of a UX overhaul.

Presenting such a complicated technical topic only in its purely technical form is not enough imho. A clear and concise explanation for each and every action and item that gets displayed (and the whys!) would do wonders.

The page gives some information about where the money will go:

> This money will firstly allow us to continue our maintenance of GnuPG. We also intend to use it to fund our work on the Gnuk security token. And, one new project that it will support is a book called "An Advanced Introduction to GnuPG." A book for developers who want to integrate GnuPG into their programs, and need to understand the various concepts, the important security tradeoffs, and common pitfalls; for digital security trainers who need to understand GnuPG to be able to make sound recommendations to users; and, of course, for enthusiasts.

I agree with waldfee that it would probably be a very good idea to invest a chunk of that money into UI improvements. GnuPG is not exactly the friendliest program out there, even for those of us who are very comfortable doing everything from the command line.

Exactly my thoughts. Also, many people have given up signing emails with PGP, as most recipients use cloud-based services like Gmail, making it almost useless. This leaves a small niche community where both ends are outside the cloud-based email network, like the journalist use case, maybe.

Signing emails is far from the only use case for gpg. The entire package signing infrastructure of all Linux distributions is underpinned by gpg. Even if they spent all of the 15K each month on having a single developer audit and improve the code base, I'd be fine with that.