Discussion style differences between OpenPGP design groups

Bernhard Reiter bernhard at intevation.de
Tue May 5 17:55:34 CEST 2026


On Thursday 30 April 2026 19:32:38, Robert J. Hansen via Gnupg-users wrote:
> Werner gets accused of hubris constantly. I think there is some truth
> there. I've seen him behave in ways I find unhelpful and
> counterproductive. (Werner, as your friend, I'm telling you that Andrew
> is trying really really hard to be your friend. Please rethink your
> characterization of his criticisms as "bait".)
>
> But at the same time there is an enormous level of hubris in the WG
> demanding that all of these recently-installed vault doors be
> reinstalled with this newer vault door which offers *no* practical
> capability improvements for 95% of users [..] except for "now, with a
> Belgian malinois!". We should notice that, too.

Thanks for setting this straight.

> > If you accuse me of "endlessly" arguing, I might just stop.
>
> I didn't read Andrew as accusing you of being dilatory; I read him as
> being frustrated with how long this is taking. I share in his
> frustration, but I think everyone is talking in good faith.

Thanks for the alternative reading, I wasn't sure of what to understand,
however, I wanted to point out that a first step to potential new
understanding is to be extra careful to not accuse someone or jump to
conclusions too early, not even indirectly. Even if we are frustrated,
it does not help at all. We need to leave room for others to reconsider, and
even staying on talking terms has some value in it, even if it is for a long
time without seemingly significant progress.

> I would have preferred if LibrePGP had become the new standard. This is
> no slam on the WG, which put out a spec I believe is technically
> superior to LibrePGP. But the LibrePGP spec is definitely good enough
> and is already fielded in large numbers.

That LibrePGP is good enough and simpler, is an argument I see.
What I think would be helpful is, if people recognised it as a proposed
standard that has as much potential and right to exist and call itself 
a "standard" like RFC9580. 
(You have given the reasons in your previous email. I won't repeat.)

I seriously cannot say if RFC9580 is "technically superior" or not,
as I value the deployed code base and simplicity as "technical" in another 
way.

> At the same time, it's not about which one I want to have won. It's
> about *where we are now as a community*, and how do we bridge this rift?

Yes.

> There are genuinely good people in the RFC9580 camp. Our community will
> be stronger and better if we can reconcile with them.

I agree.

> I've already shared my thoughts on how we can do that. I won't rehash
> them here.

(Can you point me to them again, it's okay in personal email.)

> > Werner Koch has devoted the major fraction of his professional life
> > towards creating a Free Software product for end-to-end
> > cryptography. He is the active technical and architectural lead of
> > the major and most widely used OpenPGP implementation (seen over 25
> > years). As you have written before, he was right on a number of
> > decisions he took in those roles. He has a lot of experience.
> >
> > Yes, I think it is worth a real consideration to give him a veto.
>
> This is the same logic the FSF has used for decades to justify RMS's
> veto power. I think this reasoning leads to bad outcomes (see: RMS).

No, this is not what I mean. I said it is worth a real consideration.
If Werner would get a veto just for the next common standard together, for 
instance. That could be an offer that might (or might not, I haven't asked 
him) give Werner a strong signal that people will try to understand and 
listen to him seriously again. It could be a symbol to build initial trust
to say: we go your tempo. We will try to convince you, in return you give us 
your time and potential blessing, but you have a safety card.
It only works if people really feel this way and have the openness, though.
Anyhow it is just one example to use that consideration.

To explain:
Consensus would mean that several people get a "veto" and that would be 
equally fair. The challenge I see with RMS' behaviour with some GNU software 
was different.

> I am *not* accusing Werner of being an RMS-like figure. I am saying that
> if we want to prevent an RMS-like figure from forming, we need to stop
> giving dictators-for-life veto authority over projects.

See above, I do not propose "for-life", maybe only for one round for a common 
standard. There will be a point in the future, where GnuPG, in its current 
implementation, will get to be less relevant. And hopefully for good.
(Which means Werner's and other companies will have a good continuation with 
Free Software business and users have good end-to-end crypto implementations 
to choose from.)

Motivation is:
Outside of the *PGP and end-to-end email circles, we are seen as a unit and we 
can achieve much more together.

Best Regards,
Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter