by VienneseCPA 4072 days ago
Heh, no. GPG mitigates a wide spectrum of threats. Not all threats. It's part of an overall strategy of risk management. Your thinking of "it's a silver bullet that fails completely" is as lulzy as the people who think "it's a silver bullet that works perfectly."

Think probabilistically, not black-and-white binary logic.

1 comment

Probability:

- I experienced lots of gifted geeks doing stupid things at key signing parties (like creating fake IDs for their cats);
- I experienced IT specialists from security unable to use GPG with their mailbox to send their forms to RIPE, so we used clear text passwords in mail (yes, they were of course security experts);
- I know for real that secret services care more about who talks to whom secretly than what the secret is. And using GPG/PGP is like a smoking gun.

I too lost all my floppy disks with my revocation key.

I do use my PGP key to sign my Python packages. But this UI/UX is hellish.

So yes, GPG sux and is unusable by mere mortals, and even I, who advocated for it in the late 90s, think that I will not let anyone try to drag any relatives of mine close to this hell, because I would have to do the support, and this product sux big balls.

This sounds like a deeply emotional issue for you. Do keep in mind that other people have a wildly different history with GPG than yours.