I'm not sure why you are posting this here instead of patching this up and creating a PR.
A couple of solid ones.
1. Do I understand things correctly? We're not talking about a bug fix, we're talking about architectural and API changes. These are not things to be done lightly. Discussing proposed changes before going through the work of implementing them is generally a better option.
2. I'm a former government-funded digital forensics researcher who has delivered research results at NSA. That's enough to make me permanently suspect in the eyes of some people in the community. For this reason I don't touch the code. I don't want anyone who might be thinking of using GnuPG decide "no, no, I can't trust it, they accept patches from people with NSA ties."
#2 also has a disturbing aspect of there are people in this community who are clinically paranoid and mentally ill. 95% of these people are harmless victims of a terrible mental illness who deserve our love, support, and understanding.
5% of these people send me unhinged emails threatening my life. =====If you are legitimate, wait three days for me to cool down you asshole. I have sat here and tolerated the pandering to Windows people the Gnu people have been telling Microsoft people are stupid long enough. Personally, these statements by you are TOTALLY out of character to ***EVERYTHING*** I have heard from Werner Koch and others say for years. I have assumed all during this time that Werner and the others are much more intelligent than me (true). I have also assumed that they are so busy that they haven't had time to do much of anything else (that I don't know the truth of). I don't give a damn how many people have signed your god-damn keys. THAT IS WHY I SAY, IF YOU ARE A GOD-DAMN FBI AGENT YOU GO TO HELL!!! I WILL KILL YOU, YOU SON OF SATAN!!! This message is signed and encrypted. Take it for what it is worth. If the filthy United States would allow me to adopt my nom-de-guerre as legitimate legal alias I would do so and MAYBE (*JUST* *MAYBE*) the signing of this message would have more meaning to you. I doubt it though.
=====Really, folks, that's what some users send me. That's about one-sixth of the complete email, which is … well, much the same as that excerpt. That guy also dug up my home address, my employer, and my phone number. I had to get the police involved and it was a bad experience for everyone.
Also remember that when the SKS keyserver network was poisoned by certificates sporting hundreds of thousands of spurious signatures, that was almost certainly done by someone who believed they needed to "save the GnuPG ecosystem". The fact they used the certificates of Daniel Kahn Gillmor and myself to wage this attack also tells you who this deranged person thought GnuPG needed to be saved from. The more I touch the code, the more the nutcases like the key-poisoner are incentivized to act.
So, yeah. As a general rule I don't touch the code unless explicitly invited. I don't want to cause anyone to lose faith in GnuPG, and I don't want to provoke the crazies into "saving GnuPG".
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
