adding TOFU/POP to GnuPG

Daniel Kahn Gillmor dkg at
Fri Mar 14 21:48:30 CET 2014

On 03/14/2014 04:28 PM, Hans-Christoph Steiner wrote:

> If we are implementing trust models that we cannot explain in plain English,
> how then do you expect to represent them to users who have no idea about the
> implementations?

Hard engineering and design work.  I'm not saying it's easy, or that our
community has a history of getting it right in the past, but we have to
do it.

People who design and build complex technology need to have specific
terms for the components and subsystems they work on, and to use those
terms to communicate clearly with each other even when the end user is
ultimately presented with something that hides much of that complexity.

If you tried to build a blender with no other vocabulary than "mix" and
"chop" and "puree", you wouldn't end up with anything particularly
usable in the kitchen (and it would probably be dangerous!), even though
most people just see those buttons and have no idea what's going on
inside their blender or what it took to design and build it.

We're designing and building blenders here.  We need to know about
tensile strength and mechanical gearing and rotational velocity and
voltage allowances and fluid dynamics and spatter patterns and user
interface conventions and failure modes and load testing and viscosity
and a lot of other details that go deeper than "mix" and "chop" and "puree".



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140314/a24ef14d/attachment.sig>

More information about the Gnupg-devel mailing list