Gnu Privacy Handbook

J. Michael Ashley
Thu, 23 Mar 2000 07:16:59 -0500 (EST)

Hash: SHA1

On Sat, 18 Mar 2000, avid wrote:

> I tried to check the signature
> with the provided .asc file using "gpg --verify gnupg-1.0.1.tar.gz.asc
> gnupg-1.0.1.tar.gz" as described in Chapter 2, Getting Started, and was
> greeted with
> ~
> gpg: Warning: using insecure memory!
> gpg: Signature made Thu 16 Dec 1999 04:41:03 AM EST using DSA key ID 57548DCD
> gpg: Can't check signature: public key not found
> im assuming this is not a bug, and that i have done something wrong.
> But after reading the handbook i don't know what im doing wrong,
This is a hole in the manual. In general there are several "use cases" that the manual does not cover. The next major revision of the manual needs to fill in as many such gaps as possible. I'm always happy when readers identify them, just like you've done.
> I have, to date, read the entire handbook, excluding
> the the command reference section (which appears to be very dry reading:))
Incidentally, the command reference section is taken from the manual page and is out-of-date, incomplete, and overall in very, very bad shape. It's mostly useless except as a place to start with experiementation. The purpose of getting it into the manual was to encourage comments and suggestions for improvements, and that's happened in a few cases. Feel free to make suggestions.
> Im hope you will agree that for gpg, and encryption in general to
> flourish it's use must not be too obtuse, obscure, in use.
> In the narrative flow of the beginnign chapters, i.e. 1-4, it does not help
> the reader to gloss over technical details too much.
I disagree. The goal of the handbook is to empower users who are just computer literate. The handbook is missing that target, though, and is inadequate for for truly novice users. I'm certain that providing more technical details is exactly the wrong approach to take to reach the goal. Most PGP documentation is technology oriented, and I've had to spend time with friends explaining things at a higher level so they can see the "big picture" before going into the details. Fortunately, for the geeks, though, books like Zimmerman's PGP manual and Schneier's "Applied Cryptography" fill in the details that the GPH currently omits.
> I would feel
> much more empowered as a document-reading user to be told where to go
> to learn more about the internals [...]
> (geeks love references, annotation, and ultimately it is geeks of greater
> or lesser degree who convince and then help their less techno-headed
> friends to use nifty new technology).
Being helpful is healthy. My vision, though, is a manual that allows users to be independent of the geek community. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see iEYEARECAAYFAjjaC0EACgkQBwMqlokEyOKN8gCff0EXeeGpG5UyMCOF64B9ZoWK 73UAoOQcePcH6cO7kfAsLJOfY6I+lGHW =1FGl -----END PGP SIGNATURE-----