Talk:GNU Privacy Guard
From Wikipedia, the free encyclopedia
Old Discussion
Matt, I puzzled over that wording and was not happy with what I ended up with. You've solved exactly the problem I had with it, and within minutes too. Thanks. ww 14:58, 1 Jun 2004 (UTC)
- Glad I could help! It's got me thinking, though: does anyone proactively audit GnuPG, like is done in OpenBSD? — Matt 15:27, 1 Jun 2004 (UTC)
- If you mean the software itself, yes, why not? The GNU project is the place where the heart of open source development beats. Cbguder 17:09, Jun 2, 2004 (UTC)
- I think it was "crypto auditing" Matt meant here, and I don't know. Clearly there is some 'lots of eyeballs means all bugs are shallow' stuff, as Nguyen's observation is an example thereof, and Cbguder probably had one or more aspects of that in mind here, but formal auditing... ?? Sorry not to have known. This goes on my things-to-check list, I suppose. ww 13:58, 3 Jun 2004 (UTC)
- I'd take the credit, but I suspect Matt would object. It was his fault! As for formal, I meant here planned, intentional, regular, deliberate, explicit as opposed to catch as catch can, when/if someone notices, etc. Like that. ww 18:02, 3 Jun 2004 (UTC)
- I see, here's the case: it's not that loose so that the whole project depends on coincidences, but there are no guarantees either. There are people devoted to every project, and of course these projects have leaders and sometimes even schedules. They don't stumble by bugs, they search for them, but still no guarantees... =) Cbguder 19:57, Jun 3, 2004 (UTC)
- As of 2007, there has been at least one person (Felix von Leitner) interested in doing an OpenBSD-style secure code audit. He even provided a diff. From http://seclists.org/fulldisclosure/2007/Jan/0267.html :
I did a gnupg audit recently. I was, frankly, appalled by the code quality. It is a desert of pointer manipulation, string copying, memcpy and strcpy are used all over the place, and sprintf, too.
- Felix did find a few minor bugs, but a lot of his claims were totally incorrect and based on misunderstanding how gpg works (for example, he claimed guessing the pid, time and some uninitialized stack data was enough for an attack (it isn't)). I've audited gpg occasionally, but nothing formal, eg [1], [2], [3], and a few others. If someone wanted to set up a formal audit, I'd get involved. Unlike Felix, I quite like the gpg codebase. -- taviso 20:38, 14 October 2007 (UTC)
added 'how to use' section
I hope it's OK that I've added a new section with only an outline of the desired content.
I've found the GnuPG documentation to be difficult to understand, since it is so expansive and seems to be designed for experts who will read the document from start to finish. What I need -- and what I think others need, hence my addition of a skeletal section to this fine webpage -- is a simple few-step guide.
If (or when) I figure out how to do these simple things, I'll add something here. Well, that's assuming that my change doesn't get reverted by folks who know better what should be here.
I actually know how to do some of the steps, but the exporting step isn't working well. It seems that I have to edit a file in ~/.gnupg, which is OK except that I don't know the syntax to use for, say, the MIT keyserver, which is the one I normally favour for web-based work.
--Dankelley 17:32, 27 Nov 2004 (UTC)
- It sounds like a great idea, but this article isn't really the place for it. It would work well on Wikibooks, though. — Matt 18:20, 27 Nov 2004 (UTC)
- Thanks. It seems you're the authority, so please go ahead and delete/revert my added section. Thanks for getting back to me, and thanks for your work on this page. --Dankelley 00:24, 28 Nov 2004 (UTC)
- Thanks (although I've only contributed a small amount to this article!) I should really also point out that nobody on Wikipedia has any more rights or say-so over a page than anyone else...in a sense, everyone is the "authority" — but the aim is to produce encyclopedia articles, and "tutorial"-type content doesn't really fit on Wikipedia. Of course, you'd be very welcome if you wanted to help expand the description of how GnuPG works (it could do with some work), but the slant is towards describing the system, rather than teaching people how to use the software. — Matt 00:45, 28 Nov 2004 (UTC)
- Dankelley, you might want to start something in Wikibooks as Matt suggested, I am willing to help too. We can look at Wikibooks:Cryptography or Wikibooks:Cryptography:Digital_signatures to find where to put this "GnuPG (Howto)" book, and start! In fact, I even thought I should one day or another put my Enigmail tutorial in wikibooks too ;-) -- ClementSeveillac 04:00, 28 Nov 2004 (UTC)
POV
The new additions to the second paragraph under "Problems" seem a little too POV. Suggestions? Turnstep 14:45, September 8, 2005 (UTC)
- I've edited a little, primarily removing bits that (I felt) weren't necessary. For stuff like this, I think it's easiest to stick to simple statements of facts, and not try and provide commentary or analysis. — Matt Crypto 16:39, 8 September 2005 (UTC)
I have changed the paragraph on GPGME, due to factual errors: gpg and gpgme do communicate through a stable interface designed for machine use (à la GDB annotated machine interface). An API does not need to be a function call. Described an advantage of using a co-process. -Werner
Image
I added an image that shows the general form of an encrypted file using the PGP protocol. I hope nobody minds; I personally feel that it's a useful addition. Midwinter 01:28, 23 January 2006 (UTC)
links pointing to the same article
While it's true that parsimony suggests conflation of the links, I reverted it for two reasons. First, the links may not always point to the same thing as WP changes and morphs. And, second, there are two distinct entities being pointed at here, even if they are currently pointing to the same thing. One's a standard, one's a software product. In fact, I think the problem is that there should be two articles. ww 20:21, 4 June 2006 (UTC)
- I agree that there should be two articles. — Matt Crypto 22:31, 4 June 2006 (UTC)
Enigmail a compromise?
I don't understand why Enigmail should compromise GPG's security (even hypothetically). Did Evolution and KMail's developers consult the GPG team? Jancikotuc 19:38, 24 February 2007 (UTC)
Fair use rationale for Image:PGP form.png
Image:PGP form.png is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.
Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to ensure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.
If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images lacking such an explanation can be deleted one week after being tagged, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.
BetacommandBot (talk) 15:29, 8 March 2008 (UTC)