On 10/11/2015 18:31, Robert J. Hansen wrote: > To start things off, here's my contribution: what would people think > about abandoning GnuPG in favor of moving to OpenPGP.js, a Javascript > implementation of OpenPGP? This would make installing Enigmail vastly > simpler, as we'd no longer have a dependency on a third-party > application. Also, we'd only have to support one codebase, instead of > dealing with people who were using GPGTools, GPG4Win, distro-provided > GnuPG, and more.
As long as OpenPGP.js can inter-operate transparently with GnuPG (on the same machine) then that would be fine in principle in my opinion. But it has to be utterly inter-operable such that the end user effectively cannot tell the difference and can switch freely between OpenPGP.js in Enigmail and GnuPG used with other software. The above is a pragmatic reply but the following comments are possibly... religious. ;-) Is GnuPG substantively broken? It really does seem to me that C or C++ are the best place to do encryption. I see no special advantage that Javascript brings for this job, other than that it is today's fad in this particular context. Additionally, one of the recurring problems with open source projects seems to me to be 'start-over-itis': That is the desire to start over because a cool new technology or tool has come along. My view is that longevity is born of long term compatibility and stability, and compatibility and stability are born of sticking with a codebase that is well-tested and known to work. Thus replacing a key part of the code base for reasons that are anything but overwhelming (i.e. the existing code is irretrievably broken) is an error. So the question to my mind is: Is GnuPG irretrievably broken for Enigmail? -- Mark Rousell _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
