AW: Ok this is a stupid questions

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Feb 26 19:57:01 CET 2019



On 2/26/2019 at 10:29 AM, "Stefan Claas"  wrote:
	Von: vedaal via Gnupg-users
Gesendet: Montag, 25. Februar 2019 22:09
An: justina colmena; gnupg-users at gnupg.org
Betreff: Re: Ok this is a stupid questions
	Why do you think GnuPG is useless if you check the source-code, run
it on hardware you trust, and a Linux variant you trust, with a
Chromium/Iron browser, and avoid anything google or microsoft or apple
or any non-FOSS product? 
	I have learned in the past trust nobody. Therefore I would not rely

	on  people from the GnuPG ecosystem and what they say.

	 =====

	It depends on how realistic your threat model is.

	For someone in a politically repressive regime who is being targeted,
yes, trust should be very limited, and clearly earned.

	For those  whose threat model is criminal hacking by individual
opportunists,  there is a certain leeway.

	When i first started out, I knew people who read every single line of
PGP 2.x sourcecode, and even today, refuse to migrate to gnupg because
they haven't the time to read all the code.

	(Although some have considered that if there would be a minimalist
version, with a small enough code to read, they would definitely use
it.)

	These people routinely 'airgap' their encrypting functions.

	I respect it, 

	but there is literally no end to how paranoid one can be ...

	For example, has anyone you know, ever checked how the compilers
work?  (Reviewed gcc's source code, and the hardware necessary to make
it run, to ensure that nothing is 'added/subtracted/altered' when it
gets to machine language? Even more difficult when it is a proprietary
compiler.)

	GnuPG is offering a FOSS privacy tool.

	One can scrutinize it, appreciate it, and say thank you,

	or be paranoid enough to never use it,

	or some other in-between balance, that's comfortable for the
individual's threat model.
	The gnupg-users list can help with clearing up technical questions
and let the users decide for themselves.
	vedaal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190226/47f03571/attachment-0001.html>


More information about the Gnupg-users mailing list