"constructive criticism of GPG"

[Eric Tetz]

I just subscribed briefly to bring this old post to your attention:

http://lists.canonical.org/pipermail/kragen-tol/2001-March/000648.html

I found it ween Googling for help, after going through pretty much the
same steps he did, including being prompted to enter a message gpg
couldn't possibly encrypt, and this:

   You need a User-ID to identify your key; the software constructs the user id
   from Real Name, Comment and Email Address in this form:
       "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"
   Real name: Eric Tetz (foo bar) <erictetz at sandisk.com>
   Invalid character in name
   Real name: "Eric Tetz (foo bar) <erictetz at sandisk.com>"
   Invalid character in name

That's exactly the kind of UI where the meaning is obvious in
retrospect (and to the programmer), yet is guaranteed to trip up first
time users. What the user sees is AN EXAMPLE OF PROPER FORM, followed
by A PROMPT: the intuitive response is to follow the example. It's a
candy machine interface
(http://tetzfiles.com/eric/code/docs/candyMachineInterfaces.html).

In this case, showing the final form of the user ID is not only
confusing, it SERVES NO PURPOSE. Why does it matter what form the ID
ultimately takes, if the user is not allowed to enter the data in that
form? It's much more straightforward to simply ask for what you want.
If you really want to show them the final form, show them afterwards:

   GPG needs to construct a User-ID to identify your key.
   Real Name (First Last): Eric Tetz
   Email Address (username at host.com): erictetz at sandisk.com
   Comment: foo bar
   User-ID constructed:
      "Eric Tetz (foo bar) <erictetz at sandisk.com>"

Anyway, that's all. I just wanted to bring that post to your
attention, because here it is 7 years later and people are still going
through the exact same shit. :)

Cheers,
Eric