Why 2.1 is delayed for so long

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 23 16:12:10 CEST 2014


> However, if you keep making arguments like this, the overall effect
> is that a typical user has to tweak a lot of things to get a maximal
> level of security

I've got two problems with this:

First, "security" is a vague and pretty much meaningless word.  It must
be contextualized to have any usefulness.  Security against which
threats?  Is it likely is the normal user will encounter these threats,
or are these threats unlikely?

Second, "maximal level of security" is ... it leads to some extreme and
not very helpful 'solutions'.  For instance, if you want a maximal level
of security against the risk of auto accident, your only choice is to
never go within several hundred meters of an automobile.  That's why we
talk about mitigating risks rather than providing maximal security.  You
can't get a maximal level of security against auto accidents and still
be able to drive to work, but you *can* wear a seat belt, never drive
impaired, and have your car regularly checked for safety issues.

Risks are to be mitigated to a reasonable degree -- not to a maximal degree.



More information about the Gnupg-devel mailing list