Gnu Privacy Handbook

J. Michael Ashley jashley@acm.org
Thu, 23 Mar 2000 07:16:59 -0500 (EST) 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 18 Mar 2000, avid wrote:

> I tried to check the signature

> with the provided .asc file using "gpg --verify gnupg-1.0.1.tar.gz.asc

> gnupg-1.0.1.tar.gz" as described in Chapter 2, Getting Started, and was

> greeted with

> ~

> gpg: Warning: using insecure memory!

> gpg: Signature made Thu 16 Dec 1999 04:41:03 AM EST using DSA key ID 57548DCD

> gpg: Can't check signature: public key not found

> 

> im assuming this is not a bug, and that i have done something wrong.

> But after reading the handbook i don't know what im doing wrong,


This is a hole in the manual.  In general there are several "use cases"
that the manual does not cover.  The next major revision of the manual
needs to fill in as many such gaps as possible.  I'm always happy when
readers identify them, just like you've done.


> I have, to date, read the entire handbook, excluding

> the the command reference section (which appears to be very dry reading:))


Incidentally, the command reference section is taken from the manual page
and is out-of-date, incomplete, and overall in very, very bad shape.
It's mostly useless except as a place to start with experiementation.
The purpose of getting it into the manual was to encourage comments
and suggestions for improvements, and that's happened in a few cases.
Feel free to make suggestions.


> Im hope you will agree that for gpg, and encryption in general to

> flourish it's use must not be too obtuse, obscure, in use.


Yes.


> In the narrative flow of the beginnign chapters, i.e. 1-4, it does not help

> the reader to gloss over technical details too much. 


I disagree.  The goal of the handbook is to empower users who are just
computer literate.  The handbook is missing that target, though, and is 
inadequate for for truly novice users.

I'm certain that providing more technical details is exactly the wrong
approach to take to reach the goal.  Most PGP documentation is technology
oriented, and I've had to spend time with friends explaining things
at a higher level so they can see the "big picture" before going into
the details.

Fortunately, for the geeks, though, books like Zimmerman's PGP manual
and Schneier's "Applied Cryptography" fill in the details that the GPH
currently omits.


> I would feel

> much more empowered as a document-reading user to be told where to go

> to learn more about the internals [...]

> (geeks love references, annotation, and ultimately it is geeks of greater

> or lesser degree who convince and then help their less techno-headed

> friends to use nifty new technology). 


Being helpful is healthy.  My vision, though, is a manual that allows
users to be independent of the geek community.

Mike

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjjaC0EACgkQBwMqlokEyOKN8gCff0EXeeGpG5UyMCOF64B9ZoWK
73UAoOQcePcH6cO7kfAsLJOfY6I+lGHW
=1FGl
-----END PGP SIGNATURE-----