Improving product summary in announcement (Re: [Announce] GnuPG 2.2.14 released)

Andre Heinecke aheinecke at
Thu Mar 21 14:47:57 CET 2019


On Thursday 21 March 2019 09:31:52 CET Bernhard Reiter wrote:
> Am Mittwoch 20 März 2019 16:12:46 schrieb Andre Heinecke:
> > For this reason I _never_ mention CMS in any user visible string. Even 
> > Certificates are "S/MIME Certificates". Users do "OpenPGP" or they do
> > "S/MIME" they have "OpenPGP Keys" or "S/MIME Certificates". I try in my
> > work to reduce the distinction in the wording between Keys and
> > Certificates.
> those are different occasions to me.
> If users are exposed to name a technical format, it should be named 

I disagree with that statement. S/MIME and OpenPGP are the relevant encryption 
standards. No one talks about CMS. This is something implementors know about 
but even the most expert users do not know that "CMS" is a thing.

> For the rare case that a user wants to dig deeper, the structure can shine 
> through, if it must be seen anway.

I think you can dig deeper into how S/MIME works and find out about the 
Cryptographic Message Syntax.

> To me GnuPG is for technicians, as it is - at the essence - a crypto engine.
> So in the GnuPG announcement I believe it is good to show the technical 
> precision of the product and its crew.

I have a strong opinion about the fact that CMS should not be used anywhere 
user visible. Sorry that we disagree here but CMS is just so arbitrary.
To me using CMS is like saying:
I sent you an OpenPGP Message Syntax RFC 2440 combined with MIME Security with 
OpenPGP RFC 3156 to securely send you a mail instead of saying: "I sent you a 
PGP Mail."

> > > What about
> > > "The GNU Privacy Guard (GnuPG, GPG) provides a complete and free engine
> > >  to implement email and file cryptography by OpenPGP and S/MIME
> > > standards."
> >
> > But you say above that you do not want to complicate things?
> A list of more specific words usually make something easier to understand.
>  * "implementation" -> "engine" is more specific towards GnuPG

I respectfully disagree with that. Ok Implementation is not a good word but I 
find engine even worse. I would rather just use "software"

>  * "email" and "file" are also more specific and easier to understand.
> In this variant there is no "complete implementation" of S/MIME claimed,
> only that GnuPG is an engine for S/MIME, so the mention of S/MIME can
> be kept.
> > Yep it's all not technically correct but we want to provide a good user
> > experience and that is not helped by adding confusing "technically 
> > terms.
> If people read the annoucement's first sentence and want to understand it, 
> I'll consider it helpful to be correct and clarifying and the same time. My 
> hope was that the suggested first variant above, which did not add another 
> term, maybe an improvement.

I also disagree here. GnuPG is very often times used to encrypt just 
"Messages" e.g. if you want as an American to buy Medicine for a reasonable 
price. You do not use GnuPG for email or files you just use it. Why be specific 
if we are just a general crypto engine?

On the back of our T-Shirts we have "The universal crypto engine" In my 
opinion this would be the best caption but this is then too unspecifc.

Best Regards,

-- - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608,

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke.    Mail: board at
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-2104-4938799
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-devel mailing list