making a Debian Live CD for managing GnuPG master key and smartcards

Robert J. Hansen rjh at sixdemonbag.org
Tue Apr 26 15:37:49 CEST 2016


> Please keep the discussion technical. If you don't agree with me
> this is fine. But when you express your opinion about my lack of
> modesty, this is getting personal.

He can't do that, shouldn't do that, shouldn't even want to do that.
You're a human being, not a machine.  You deserve to be treated as a
person, not as a system of inputs and outputs.  Ideas should be
criticized or praised purely on a technical basis, but people should be
criticized or praised purely on a *human* basis.

I've looked over your egpg code.  My bloodless technical evaluation is
simple: "it is nowhere near ready for production environments."  And I
think if you read over the other technical criticisms you've received,
you'll see this is pretty much a consensus opinion.  By your own
admission, it has not received any kind of peer review or independent
code audit.  And yet, you feel it's appropriate to recommend to the
Debian folks they put this code on a live CD image they intend for use
in high-risk environments, *and* you think they should put together a
.deb package for you.

That you believe your project is ready for inclusion into a live CD
image meant for hostile environments is, I think, enough to make me
question your wisdom.  And that *is* a personal judgment, and I make no
apologies for that.





More information about the Gnupg-users mailing list