From amk at amk.ca Sat Oct 5 03:01:42 2013 From: amk at amk.ca (A.M. Kuchling) Date: Fri, 4 Oct 2013 21:01:42 -0400 Subject: Privacy Handbook source located Message-ID: <20131005010142.GA79198@datlandrewk.home> A while ago I asked about the master source for the GNU Privacy Handbook. Today I realized that the Debian-packaged version of the Handbook must include the original source, and it does, downloadable from http://packages.debian.org/unstable/gnupg-doc . I've extracted just the gph/ subdirectory and put it in a git repository: https://github.com/akuchling/gph I did the same for the mini HOWTO: https://github.com/akuchling/gpg-mini-howto There's also a "Replacing PGP with GnuPG" that's probably no longer very relevant. --amk From amk at amk.ca Mon Oct 7 04:58:50 2013 From: amk at amk.ca (A.M. Kuchling) Date: Sun, 6 Oct 2013 22:58:50 -0400 Subject: Privacy Handbook source located In-Reply-To: <20131005010142.GA79198@datlandrewk.home> References: <20131005010142.GA79198@datlandrewk.home> Message-ID: <20131007025850.GA2423@datlandrewk.home> On Fri, Oct 04, 2013 at 09:01:42PM -0400, A.M. Kuchling wrote: > I've extracted just the gph/ subdirectory and put it in a git repository: > > https://github.com/akuchling/gph I've begun translating from Docbook to org-mode markup on the akuchling-modernize branch. https://github.com/akuchling/gph/tree/akuchling-modernize The single table still needs to be fixed -- I haven't yet figured out how to do multi-column spans in Emacs tables. Still, I think this is a good starting point for further work. --amk From devnull at Karl-Voit.at Mon Oct 7 10:50:48 2013 From: devnull at Karl-Voit.at (Karl Voit) Date: Mon, 7 Oct 2013 10:50:48 +0200 Subject: Privacy Handbook source located References: <20131005010142.GA79198@datlandrewk.home> <20131007025850.GA2423@datlandrewk.home> Message-ID: <2013-10-07T10-47-48@devnull.Karl-Voit.at> * A.M. Kuchling wrote: > > I've begun translating from Docbook to org-mode markup on the > akuchling-modernize branch. > > https://github.com/akuchling/gph/tree/akuchling-modernize > > The single table still needs to be fixed -- I haven't yet figured out > how to do multi-column spans in Emacs tables. In Org-mode, AFAIK it is not possible to do multi-column/row spans. You might be able to achieve something with [1] but I don't have experience by myself. 1. http://orgmode.org/worg/org-faq.html#table-multiline-fields -- Karl Voit From amk at amk.ca Wed Oct 16 04:50:22 2013 From: amk at amk.ca (A.M. Kuchling) Date: Tue, 15 Oct 2013 22:50:22 -0400 Subject: Suggested updates for the Privacy Handbook? Message-ID: <20131016025022.GA42097@datlandrewk.home> A few days ago I posted about making the GNU Privacy Handbook available as a GitHub repository and converting it to org-mode. (Repository URL: https://github.com/akuchling/gph/ ) Now that the conversion is close to complete, what updates/changes does the Handbook need? I'd like to hear suggestions. There are certainly obvious updates to recommended key sizes, and we should check that the various command lines are still correct. But are there larger revisions to make? e.g. New topics that should be added or ones that should be dropped, new usage best practices or tools to suggest? (You can read the text of the handbook at .) --amk From wk at gnupg.org Wed Oct 16 17:21:45 2013 From: wk at gnupg.org (Werner Koch) Date: Wed, 16 Oct 2013 17:21:45 +0200 Subject: Suggested updates for the Privacy Handbook? In-Reply-To: <20131016025022.GA42097@datlandrewk.home> (A. M. Kuchling's message of "Tue, 15 Oct 2013 22:50:22 -0400") References: <20131016025022.GA42097@datlandrewk.home> Message-ID: <87d2n5jl6e.fsf@vigenere.g10code.de> On Wed, 16 Oct 2013 04:50, amk at amk.ca said: > Now that the conversion is close to complete, what updates/changes > does the Handbook need? I'd like to hear suggestions. First of all we need to get rid of the FDL. That is something we can't do ourself unless we want to backout the changes done after the assignment so that Mike will be able to change it. I'll write again to the FSF. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Wed Oct 16 17:41:39 2013 From: wk at gnupg.org (Werner Koch) Date: Wed, 16 Oct 2013 17:41:39 +0200 Subject: Licese change for the GPH. Message-ID: <878uxtjk98.fsf@vigenere.g10code.de> Hi, Many years ago, Mike Ashley wrote the GNU Privacy Handbook as a manual for GnuPG. Back in 2000 the license was changed to the GNU FDL and we did a few translations of the manual. Meanwhile the manual is heavily out of date and should be updated to reflect the current state of the project. Up until now such updates did not happen because the restrictive terms of the FDL made it hard to include content from other sources (HOWTOS, FAQ, etc.) or re-use parts of the GPH elsewhere (FAQ). Documentation for encryption is very important these days and we should move away any blockers for a wider dissemination. Thus I like to ask for a license change of the GPH to CC-by-sa/GPLv3. Something like You can redistribute this manual and/or modify it under the terms of the [[http://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 Unported License]] or alternatively under the terms of the [[http://www.gnu.org/licenses/][GNU General Public License]] as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. If you wish to allow the use of your version of this manual only under the terms of one of these licenses, indicate your decision by deleting the respective above paragraph. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available URL: From mezzanine at Safe-mail.net Fri Oct 18 06:50:27 2013 From: mezzanine at Safe-mail.net (mezzanine at Safe-mail.net) Date: Fri, 18 Oct 2013 00:50:27 -0400 Subject: Suggested updates for the Privacy Handbook? Message-ID: It would be useful for the GPH to specify whether it is referring to GPG2 or a version of GPG in the 1.x line, and it might also be useful to include slight coverage of the differences between the two. In addition, the following topics and issues should be considered: * Phasing out SHA1 and MD5 hashing and moving from DSA to RSA keys (see https://www.debian-administration.org/users/dkg/weblog/48 for info.) * Using frontends such as GPGTools for the MacOSX platform and GPG4win for the Windows platform. * The limitations of GPG with regard to protecting against attacks against an end user's system. * Obtaining and installing GPG (including verification of downloaded copies, if necessary.) Other possible topics are: * Migrating from the PGP product to GPG. * Comparing OpenPGP and S/MIME. Attached to this message is a Signatures.gif image file which should have a better appearance than the existing signatures.jpg image file. (At the time when the GPH was originally written, JPEG may have been preferable because of GIF being subject to licensing issues with LZW compression and support for PNG images being less widespread than it is now.) Adjusting the license for the GPH so that it can (at minimum) be distributed under the terms of CC BY-SA 3.0 would be useful. --Richard -------------- next part -------------- A non-text attachment was scrubbed... Name: Signatures.gif Type: image/gif Size: 2176 bytes Desc: not available URL: From wk at gnupg.org Fri Oct 18 09:09:56 2013 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Oct 2013 09:09:56 +0200 Subject: License change for the GPH. Message-ID: <87r4bjgim3.fsf@vigenere.g10code.de> Hi Richard, [Don asked me to contact you directly] many years ago, Mike Ashley wrote the GNU Privacy Handbook as a manual for GnuPG. Back in 2000 the license was changed to the GNU FDL and we did a few translations of the manual. Meanwhile the manual is heavily out of date and should be updated to reflect the current state of the project. Up until now such updates did not happen because the restrictive terms of the FDL made it hard to include content from other sources (HOWTOS, FAQ, etc.) or re-use parts of the GPH elsewhere (FAQ). Documentation for encryption is very important these days and we should move away any blockers for a wider dissemination. Thus I like to ask for a license change of the GPH to CC-by-sa/GPLv3. Something like You can redistribute this manual and/or modify it under the terms of the [[http://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 Unported License]] or alternatively under the terms of the [[http://www.gnu.org/licenses/][GNU General Public License]] as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. If you wish to allow the use of your version of this manual only under the terms of one of these licenses, indicate your decision by deleting the respective above paragraph. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Fri Oct 18 09:18:08 2013 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Oct 2013 09:18:08 +0200 Subject: Suggested updates for the Privacy Handbook? In-Reply-To: (mezzanine@safe-mail.net's message of "Fri, 18 Oct 2013 00:50:27 -0400") References: Message-ID: <87mwm7gi8f.fsf@vigenere.g10code.de> On Fri, 18 Oct 2013 06:50, mezzanine at Safe-mail.net said: > * Phasing out SHA1 and MD5 hashing and moving from DSA to RSA keys (see https://www.debian-administration.org/users/dkg/weblog/48 for info.) FWIW, GnuPG used MD5 only for PGP2 compatibility. From rfc-4880: Implementations MUST implement SHA-1. Implementations MAY implement other algorithms. MD5 is deprecated. SHA-1 is is an important part of OpenPGP and used in ways which are resistant against collision attacks. Thus it is not easy to fade it out. A paragraph explaining why certain algorithms re used by default does make sense; though. > * Using frontends such as GPGTools for the MacOSX platform and GPG4win for the Windows platform. > * The limitations of GPG with regard to protecting against attacks against an end user's system. Yes, that is important for real world security. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Mon Oct 21 12:33:10 2013 From: wk at gnupg.org (Werner Koch) Date: Mon, 21 Oct 2013 12:33:10 +0200 Subject: License change for the GPH. In-Reply-To: (Richard Stallman's message of "Fri, 18 Oct 2013 20:21:30 -0400") References: <87r4bjgim3.fsf@vigenere.g10code.de> Message-ID: <87zjq2ewwp.fsf@vigenere.g10code.de> On Sat, 19 Oct 2013 02:21, rms at gnu.org said: > What is the legal status of the FAQ? Who are the contributors? Copyright (C) 2000, 2001, 2002, 2003, 2010 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111, USA This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. Copyright assignments have never been requested, though. > Likewise for the HOWTOS that you want to use. Some are GPL, other are all permissive. > Could you explain why you think that license is desirable? I already did that: The FDL makes it too hard to re-use parts of a text (history section, carrying the licenses, and so on). You should be well aware of the arguments due to solution worked out with Wikipedia to switch from FDL to CC-by-sa. > I think it will be necessary to write new text with the pertinent We have lots of new texts readiliy available but can't include them due the the license conflict. FWIW, Gpg4win manual is also under the FDL but the German goverment, as copyright holder, agreed to work on a license change. > information; but first let's try contacting the people who wrote the > text you want to use and get their permission. Those who wrote Nope. The problem is that the use of the FDL was a mistake, it hinders wider dissemination of important information. I would even agree to use CC-0 for such documentation, but CC-by-sa/GPL will be sufficient. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Oct 22 09:36:43 2013 From: wk at gnupg.org (Werner Koch) Date: Tue, 22 Oct 2013 09:36:43 +0200 Subject: License change for the GPH. In-Reply-To: (Richard Stallman's message of "Mon, 21 Oct 2013 21:25:13 -0400") References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> Message-ID: <87iowpdaes.fsf@vigenere.g10code.de> On Tue, 22 Oct 2013 03:25, rms at gnu.org said: > No, you didn't. You only made a general statement that you > think CC-BY-SA|GPL would solve some kinds of problems. > I don't think it would help at all. Feel free to have a different opinion on that. My time is too precious to rewrite existing texts just for the sake to help keeping the FDL alive. As a contractor this would be different, though. > So let's investigate it concretely. Could you tell me > one work that you think you could include, if you switched the manual > to CC-BY-SA|GPL, but could not include now? I already explained that this is about wider dissemination of existing documentation. It is not only about including other text into the GPH but to use text from the GPH elsewhere (e.g. in Wikipedia, magazines). Helping people to protect their private data is more important than holding up the use of the FDL. It is a shame that we need to spend time on minor legal issues. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Oct 22 09:49:08 2013 From: wk at gnupg.org (Werner Koch) Date: Tue, 22 Oct 2013 09:49:08 +0200 Subject: License change for the GPH. In-Reply-To: (Richard Stallman's message of "Mon, 21 Oct 2013 21:25:14 -0400") References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> Message-ID: <87eh7dd9u3.fsf@vigenere.g10code.de> On Tue, 22 Oct 2013 03:25, rms at gnu.org said: > Please don't ask them to do that. As a public rejection of our > lciense, that would hurt the GNU Project as a whole. And it would not Fortunately this is already in the works. I can tell what really hurts the GNU project: The stubbornness of keeping tight control over everything with the result that people try to get out of the way of everything which is related to the FSF - GPLv3 inclusive. Recall the GCC plugin discussion with the final outcome that most research is now done with LLVM and we actually helped Apple to get their semi-proprietary stuff mainstream. I have had hard times explaining why the GPLv3 is good for everyone - despite that there are really sound arguments in favor of the GPLv3. I can't tell a single argument why the FDL is better than CC-by-sa or GPL. Still you are requesting the use of the FDL for all FSF related documentation. Luckily we never implemented that for the GnuPG included docs. > There are many solutions to a problem like this. I looking for a For example working with CC to make the FDL compatible to CC-by-sa but then one could also simple switch to CC-by-sa. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Wed Oct 23 14:48:27 2013 From: wk at gnupg.org (Werner Koch) Date: Wed, 23 Oct 2013 14:48:27 +0200 Subject: License change for the GPH. In-Reply-To: (Richard Stallman's message of "Tue, 22 Oct 2013 20:08:54 -0400") References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> <87iowpdaes.fsf@vigenere.g10code.de> Message-ID: <87k3h45f1g.fsf@vigenere.g10code.de> Richard, virtually nobody understands why you favor the GFDL over other free licenses useful for documentation. In particular the CC-by-sa is a widely used strong copyleft licenses without the problems of the GFDL. All the arguments listing the disadvantages of the GFDL have been repeated as nauseam over the last decade. It would really be helpful and a sign of good will to stop this and declare CC-by-sa as a useful license for (GNU) documentation and stop demanding the use of the GFDL for GNU software. > We can find a solution for using text from the GPH in magazines, but > Wikipedia is out of luck. It was their choice to stop using the GFDL. And did that hurt the free software/society movement? Obviously not. > They can't use the GPL-covered HOWTOs either. While asking people I would bet that most authors who use the GPL for documentation would also consider to dual-license their HOWTOs under CC-by-sa/GPL ... > to relicense them, I could ask them to switch to GFDL|CC-SA; ... but not to the GFDL. Persisting on the use of the GFDL harms GnuPG, worse, it harms the privacy of many people because we won't let them easily share useful information on how to protect themselves. This is not my understanding of helping my neighbors. It is 16 years since I started to work on GnuPG. During all these years I have always spoken out in favor of the GNU project - maybe now is the time to reconsider. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available URL: From wk at gnupg.org Mon Oct 28 08:22:08 2013 From: wk at gnupg.org (Werner Koch) Date: Mon, 28 Oct 2013 08:22:08 +0100 Subject: License change for the GPH. In-Reply-To: (Richard Stallman's message of "Mon, 21 Oct 2013 21:25:14 -0400") References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> Message-ID: <8738nlx3kv.fsf@vigenere.g10code.de> Hi! Just a quick update. Richard replied privately to me; I responded along these lines: I recall that at least once discussing license problems on the internal gnu-prog-discuss list has been disallowed. I did not agree to this censorship but back then it was not a direct problem of mine. Now, a GPH license change is GnuPG related and thus on my turf - here I won't let anyone stop me discussing things unless there are sound reasons for this. A proposed change from GFDL to CC-by-sa/GPL is neither a security issue nor would it harm the free software/society community. The author of the GPH as well as many others signed copyright assignments to the FSF on my request. They did this in the true believe that the FSF will act responsible and in the best interest of the free software community. It is sad to see how the FSF distrusts their volunteers by following a seemingly selfish interest to push for the GFDL despite that the world has moved to better and easier alternatives for free documentation. Today we have a plethora of free documentation and it is more the norm than the exception that documentation is free. This is for sure due to RMS's efforts on demanding free documentation. It is just that today the sledgehammer of the GFDL can and should be replaced by precision mechanics' tools. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From devnull at Karl-Voit.at Wed Oct 30 17:13:10 2013 From: devnull at Karl-Voit.at (Karl Voit) Date: Wed, 30 Oct 2013 17:13:10 +0100 Subject: License change for the GPH. References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> <8738nlx3kv.fsf@vigenere.g10code.de> Message-ID: <2013-10-30T17-09-07@devnull.Karl-Voit.at> * Werner Koch wrote: > Hi! Hi! > Now, a GPH license change is GnuPG related and thus on my turf - > here I won't let anyone stop me discussing things unless there are > sound reasons for this. A proposed change from GFDL to > CC-by-sa/GPL is neither a security issue nor would it harm the > free software/society community. I am not that deep into the status of GnuPG documentation. However, in case it is that outdated as some people wrote, is a completely re-write from scratch an option? This would allow for a modern up-to-date documentation with a new licence model and fresh content management to attract a wider range of audience. Just my 2 cents ... -- All in all, one of the most disturbing things today is the definitive fact that the NSA, GCHQ, and many more government organizations are massively terrorizing the freedom of us and the next generations. From amk at amk.ca Wed Oct 30 19:55:42 2013 From: amk at amk.ca (A.M. Kuchling) Date: Wed, 30 Oct 2013 14:55:42 -0400 Subject: License change for the GPH. In-Reply-To: <2013-10-30T17-09-07@devnull.Karl-Voit.at> References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> <8738nlx3kv.fsf@vigenere.g10code.de> <2013-10-30T17-09-07@devnull.Karl-Voit.at> Message-ID: <20131030185542.GA54683@datlandrewk.home> On Wed, Oct 30, 2013 at 05:13:10PM +0100, Karl Voit wrote: > I am not that deep into the status of GnuPG documentation. > However, in case it is that outdated as some people wrote, is a > completely re-write from scratch an option? I think that's certainly an option, and have started thinking about an outline: https://raw.github.com/akuchling/gpg-primer/master/primer.org I'd love to hear reactions and suggestions. --amk From devnull at Karl-Voit.at Thu Oct 31 12:35:29 2013 From: devnull at Karl-Voit.at (Karl Voit) Date: Thu, 31 Oct 2013 12:35:29 +0100 Subject: License change for the GPH. References: <87r4bjgim3.fsf@vigenere.g10code.de> <87zjq2ewwp.fsf@vigenere.g10code.de> <8738nlx3kv.fsf@vigenere.g10code.de> <2013-10-30T17-09-07@devnull.Karl-Voit.at> <20131030185542.GA54683@datlandrewk.home> Message-ID: <2013-10-31T12-30-25@devnull.Karl-Voit.at> * A.M. Kuchling wrote: > On Wed, Oct 30, 2013 at 05:13:10PM +0100, Karl Voit wrote: >> However, in case it is that outdated as some people wrote, is a >> completely re-write from scratch an option? > > I think that's certainly an option, and have started thinking about > an outline: > https://raw.github.com/akuchling/gpg-primer/master/primer.org Cool. > I'd love to hear reactions and suggestions. >From a quick glance at your page, I'd say it is a good structure. As a side-note: how about thinking about a set of personas[1]. For example, I would say that users of Outlook with no deep IT knowledge are our most important target group for GnuPG documentation. With a persona in this area, you are able to determine whether or not a certain topic is explained on a suitable level. It's hard to write concise documentation with no clear image of the typical reader. 1. https://en.wikipedia.org/wiki/Personas#In_user_experience_design -- All in all, one of the most disturbing things today is the definitive fact that the NSA, GCHQ, and many more government organizations are massively terrorizing the freedom of us and the next generations.