A postmortem on Efail

Mark H. Wood mwood at iupui.edu
Tue May 22 15:12:28 CEST 2018

On Tue, May 22, 2018 at 01:42:07AM +0100, Mark Rousell wrote:
> On 21/05/2018 15:17, Mark H. Wood wrote:
> >> Break backwards compatibility already: it’s time. Ignore the haters. I
> >> trust you.
> > (I understand that that's a quote of a discussion-opener from the write-up.)
> >
> > I'd like to first see how many haters can be won over by selling the
> > necessary changes.
> >
> > By "selling" I mean addressing the concerns of those who aren't
> > convinced that they want something:
> >
> > o  Why this is important *to you*, even though its importance was not
> >    immediately obvious.
> To my mind it is at the outset counter-productive to refer to "haters".
> To use the term "haters" implies that anyone who does not share one's
> own view is somehow wrong and/or that their arguments can potentially be
> dismissed on the grounds of emotionalism rather than rationality.

*sigh*  Imagine that I wore a wry expression as I wrote that.  I think
we are mostly in violent agreement.  I tend to play off of the
wording of a previous statement when replying, especially when I want
to bend the discussion in a different direction.

> In practice, those like myself who recognise that the ability to decrypt
> legacy-encrypted data is a basic requirement for many users with
> archival needs do not "hate" anything. We just recognise that decryption
> of legacy-encrypted data is a real world requirement right now and will
> continue to be for many years, and so I think it is right and proper for
> this project to continue to support this activity with maintained
> software (albeit with a requirement for users to make some changes to
> support such activity).

Yes.  I, too, have encrypted stuff from way back that I would like to
be able to read.  Addressing such needs is part of selling the
selected way forward.

Another part of selling is dialogue.  I see lots of confident
assertions about what we should do.  Is anyone taking this back to the
affected users to see if any of it makes sense to them?

> > o  What we have done, and are doing, to keep *your* cost down.
> If the aim is to keep end-users' costs down then do not completely
> remove legacy features that are still needed in the real world.
> Decryption of legacy-encrypted data is one of those features, like it or
> not.

Yes, but don't just do it silently; tell people who need this that it
is being done, because of their concerns, and how it is being done.
Sell it.

> > o  What else would we need to do, to make this something *you* want?
> Go back in time and change history!  [snip]

I was hoping for practical ideas which show that the community
understands the needs of all its members and is working to minimize
the cost of necessary evolution.  I'd like to be one community, but
apparently at the moment we are two.

Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202