CAcert Code Development list.

[Bernhard Fröhlich <bernhard AT cacert.org>]

Am 07.01.2020 um 13:20 schrieb Karl-Heinz Gödderz:

> Hi all,
> shouldn't GPG be disabled already because of the problems with deleting
> keys as possible to demand with that new GDPR?

IMHO this issue does not apply to key signers (what we do at CAcert) but 
to key servers, where people can upload their (and other's) keys to make 
them public.

So, at least this topic won't relieve us from making a decision... :-\

Kind regards
Ted
> Kind Regards
> Karl-Heinz
>
> Am 06.01.20 um 16:09 schrieb Sascha Ternes:
> > Hi Gero and all,
> >
> > Am 06.01.20 um 13:57 schrieb Gero Treuner:
> > > > An alternative to fixing the problem would also be to disable GPG signing,
> > > > temporarily or forever. This would be a "political" decision made by board
> > > > or policy group, but they'll need some "technical opinions" to discuss
> > > > about.
> > > >
> > > > As far as I am concerned, GPG signing is not very useful for me. And some
> > > > chatter seems to imply that at least key servers and "large scale key
> > > > signing" is being deprecated more and more. So are there any other opinions?
> > > I know people who sign their keys with CAcert. Although the PGP WoT and
> > > keyservers are not widely accepted, signing by CAs seems to be among
> > > most useful applications left for PGP (maybe besides autocrypt, which is
> > > a different story).
> > >
> > > So I propose to keep it.
> > let us have a look into our issue tracker: We have at least three major
> > issues and quite a bunch of minor issues in the GPG category that are
> > not yet solved or reported as new.
> >
> > So I plead to disable it temporarily (remove the GPG menu from the
> > website) until the bigger issues with GPG signing have been fixed. We
> > should simultaneously communicate this in our news to show that we are
> > concerned.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature