
Let’s get an idea about GnuPG/PGP. I’d appreciate boosts and replies.

GnuPG/PGP:

@0xf0 I don't use it but wrote a big blog series about it! In both French and English.

@0xf0 I use gpg all the time, but only for encrypting files with passphrases. Key management and frankly anything having to do with *other people* is way beyond my scope of interest.

@0xf0 my password manager is using it so... very often

@0xf0 round about three minutes after painstakingly having relearned which options I need for basic operations I forget them again.

@jpmens we've all been there.

...we ARE all there. :)

@0xf0 I think this poll lacks

- I don't want to use it but I have to
- I don't have to use it but I want to

@0xf0 used for:
- decrypting my email passwords (several times per hour)
- signing git commits
in combination with a usb key

@tokudan that's interesting.

I read a similar workflow from @neox; I also do the same at work but none of my coworkers really cares.

Do you folks have some process around the signature verification?

@0xf0 I'm not a developer.
While I usually sign all my commits, it's mainly "because I can", which is actually very useful when mixed with configuration management of systems. That gives you a reliable trail you can follow to see if the system is in a legit state.

@0xf0 I voted "barely" but correct would be "exactly once". I just tested it with one other email contact. Then never again. My keys are expired and lost since then.

@storchp heh, "never again" should be made an option for the next survey.

@0xf0 I personally use it frequently to sign mails, documents and git commits. I also often use it to encrypt files and text.

@neox interesting.

I do use it to sign my Git commits at work, though nobody really gives a damn. Do your peers actually enforce any sort of signature verification as part of the dev process?

@0xf0 yep, in my project rules, git signature is mandatory (esp for commit integrity, less for security). For other projects, I keep this habit because why not 🤔

@0xf0 the most difficult thing about using gnupg is convincing other people to use gnupg

@dreadfulscribbler that is probably one of the most important arguments.

...along with the intrinsic lack of "general public"-level usability.

@0xf0 used to be a big user - attending/organizing keyparties, listing on BigLumber - but then I realized it was a colossal pain in the arse to maintain WoT for people I didn't really care about. So I stopped. I think my PGP key may even have expired. I stopped caring.

@scruss I hear you.
I used to use it extensively during my FidoNet times but then abandoned it.

I've started using it again in the past couple of years, mostly to sign Git commits and stuff, though nobody really cares checking so... back to square one.

@0xf0 Yup. The realization that it did nothing for the metadata and thus made PGP email impossibly conspicuous to outside parties made it go away for me.

It's good that it can be used to sign commits, and that someone could do that extra level of checking, but mostly, meh

@0xf0 it works great for everything - except for E-Mails

@0xf0 anyone who uses Debian/Ubuntu/Mint/etc uses gpg every time they update their system.
