Hacker News
by georgyo 1957 days ago
What about code signing?

People like to dislike PGP and replace it with a myriad of different solutions. But PGP is everywhere and awesome. Its very widespread adoption is invaluable. I really don't want to see it replaced with zillions of different bespoke solutions.

4 comments

Yep! It's magical having everything signed automatically by plugging in my Yubikey and setting some git config once. I will not go to something that doesn't enable this.
This. I’m a backer for their Kickstarter but the lack of PGP is unfortunate. Yes, there are problems with it. But as you said, it’s everywhere. It’s not going anywhere anytime soon, so what’s the harm in supporting it for now?
Why do people like to hate on PGP? It’s a pretty great project.
Because it has a shitton of issues. The implementations aren't great, cryptographic issues, memory safety issues, stable API/ABI issues. It's still not supported well by software that could use these features.
Most of the security issues are mitigated by using a hardware token to do the actual encryption anyway.
Those are expensive.
You do realize that the Solokey is a hardware token...
Yes, but a Solokey is half the price of a Yubikey that could do the encryption implied by OP. And to be fair, even Solokey is too expensive for most.
Yeah I dislike PGP mainly for email by the way. It's too clumsy there.

For file encryption and signing it's great IMO.