I can't help but cynically wonder how much funding GPG would get just from the various journalists in this donation video making a decent salary who claim that GPG is indispensable for their work.
Another case of free software tragedy of the commons.
It seems like things that were sponsored by major organizations because they saw the good in having their name associated with a product or service in favor of getting the "internet at large" to pay for things that have become ingrained as "But it's free so why should we pay for it?"
Usability is atrocious and if you do not use it all the time you have to google the simplest things (for which the results are mostly outdated or wrong or bad practice so you have to be careful with which explanation you follow) which the software itself could explain to you.
100%. Freeze all work on crypto except for fixes for new problems that show up. All the rest of the money goes to hiring a UX expert for a design that anyone can pick up for the common case and then implementing it.
Even trying to use a bash script to automate things is tricky because of gpg2's interactivity. I'm sure it was put there to improve usability, of course :) (which it does, in the interactive case).
> This money will firstly allow us to continue our maintenance of GnuPG. We also intend to use it to fund our work on the Gnuk security token. And, one new project that it will support is a book called "An Advanced Introduction to GnuPG." A book for developers who want to integrate GnuPG into their programs, and need to understand the various concepts, the important security tradeoffs, and common pitfalls; for digital security trainers who need to understand GnuPG to be able to make sound recommendations to users; and, of course, for enthusiasts.
I agree with waldfee that it would probably be a very good idea to invest a chunk of that money into UI improvements. GnuPG is not exactly the friendliest program out there, even for those of us who are very comfortable doing everything from the command line.
https://gnupg.org/donate/index.ja.html https://gnupg.org/donate/index.fr.html https://gnupg.org/donate/index.de.html
And the pool's automated management infrastructure prunes misbehaving hosts pretty quickly (e.g. not responding, out of sync, etc). See "servers in the pool" and "servers currently not in the pool" here:
I suspect that gpg isn't trying multiple servers in the pool but only trying the first A record it finds. I've had to edit hosts to select a functioning key server in the pool many times.
What sort of issues are you seeing? What server are you querying? Where in the world are you located?
There's a bunch of servers out there -- https://sks-keyservers.net/status/ -- but most tend to be in North America and Europe. That might be an issue, depending on where you are.
https://www.propublica.org/article/the-worlds-email-encrypti...
You should, ideally, try to fund improvements to both projects.
If I may derail this thread even further: I find XMPP+OMEMO even better. The security concept is basically identical to Signal but users don't have to rely on particular servers and a widespread adoption would end the problem that people who use different servers/clients can't talk to each other.
Also, there are great apps for XMPP. For desktop users there is Gajim[0], for Android there is Conversations[1] and the Apple folks have ChatSecure[2].
[0] https://gajim.org/ [1] https://conversations.im/ [2] https://chatsecure.org/
And a thousand more. The question is where to channel scarce resources.