by latchkey 1249 days ago
Nice work. I know this is just a simple shell wrapper around gpg (which I appreciate), but if I was going to rely on this, I'd like to see:

Prefer just a simple MIT over GPL (and properly license your repo on GitHub)

Unit tests

Build it with CI/CD

Releases with tags

Available on a package manager (brew/apt/...)


What is the problem with GPL if you’re a user and not trying to reuse the code in a closed-source product for sale?
KISS

This is a simple script, it deserves a simple license.

Nobody is going to 'sell' just a simple one page script and nothing prevents me from looking at the arguments it uses and putting them into my own commercial product. You don't 'license' arguments to gpg.

It turns out that GPL is a much simpler license for very large enterprises. In fact, this GPL license was originally chosen because it's the simplest for one of my Fortune 50 company clients.
Simpler than what, MIT?
Yes, simpler than MIT.

The Fortune 50's compliance team carefully evaluated many open source licenses, including MIT, BSD, GPL, Apache, etc. and determined that GPL is the best for their company for internal tools such as these, that must be wholly separate from any product offerings.

And when I say carefully, I mean multiple lawyers, for multiple years, considering many worldwide regulatory compliance laws. GPL won over all the other options.

Do you know what makes MIT and BSD more complicated for internal tools for these companies?

What about MIT or (two-clause) BSD makes it harder to comply with? Would attribution be an excessive burden for them in case such code ended up in their own products?

My understanding is that BSD and Apache were historically favorable licenses for code that was intended to promote a protocol and make it an industry standard. Easy reuse helped achieve this goal. For example, IIRC FreeBSD's TCP/IP code was repurposed for Windows and MacOS X, and the Apache HTTP server also went a long way toward establishing HTTP as a standard.

Edit: Paragraph on standards.

Creating a dependency on a 3rd party piece of software or releasing an internal tool as open source?
Good constructive feedback, much appreciated.

> Prefer just a simple MIT over GPL

Done. I added MIT or Apache-2.0 or GPL-2.0-or-later.

> properly license your repo on GitHub

Done. I added a LICENSE.md file with SPDX links.

> Unit tests

Done. I added example tests. Do you have a preferred POSIX shell script unit test approach?

> And more...

Good ideas, all of them. I'll add your ideas to a new TODO section.

Thank you so much!