[soatok]

> It's all best practices and hygine stuff. Which is fine, but hardly justfication for "Bad Cryptography".

Cryptographers have spent years trying to clean up the GNU cryptography ecosystem [1] [2].

[1] https://twitter.com/FiloSottile/status/1281055144659030016

[2] https://lists.gnupg.org/pipermail/gcrypt-devel/2015-November...

[ajross]

Isn't that true of almost every crypto protocol, though? As I mention, this kind of stuff is absolutely routine. Free software protocols, open source protocols, standardized protocols, proprietary protocols.

I get that crypto is hard (again, the messup in the central criticism in the linked article is a great existence proof). I don't get why you feel like taking potshots at GNU in particular is justified except to flog your personal political agenda.

[soatok]

I don't have a personal political agenda here.

I'd love for GNU cryptography to be better, but the first step in fixing problems is to acknowledge they exist in the first place.

GNUnet, GnuPG, etc. need to actually learn from modern cryptography projects like age and Signal, instead of doubling down in the name of ideology.

[detaro]

I have no clue on what "ideology" they (who are they? The GNUnet developers? The gnupg developers? all developers associated with GNU projects?) are "doubling down" on in your opinion, despite reading the article.

[ajross]

> I don't have a personal political agenda here. [one sentence later...] GNUnet, GnuPG, etc. need to [...] instead of doubling down in the name of ideology.

Just stop. If you have criticisms, make them. Leave your politics out of it.