Opened 7 years ago

Closed 4 years ago

#5996 closed defect (invalid)

Greatly improve usability of GPG for all operating systems

Reported by: phobos Owned by:
Priority: Medium Milestone:
Component: Company Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Users increasingly are trying to use GPG or PGP to verify our software. This is a great trend to encourage. Unfortunately, the current software available for Windows and OSX is clumsy or non-functional for users. Thandy may replace the need for this improvement, but people will still want to verify that thandy does comes from tor.

Help existing projects improve their usability for non-technical users.

Tor is becoming an introduction to GPG/PGP for many people and telling users to 'figure it out' on their own doesn't work so well. It makes users just not verify the software is actually from Tor, or they ask for less secure ways to accomplish the goal, like MD5/SHA-1 hashes of the packages.

Child Tickets

TicketStatusOwnerSummaryComponent
#5606closeddeb package with all torproject.org signing pgp keysApplications/Tor bundles/installation
#6373closedphobosuse long gpg ids instant of short gpg idsWebpages/Website

Change History (3)

comment:1 Changed 7 years ago by phobos

Owner: phobos deleted
Status: newassigned

comment:2 Changed 7 years ago by karsten

Keywords: SponsorZ added
Milestone: Sponsor Z: November 1, 2013

Switching from using milestones to keywords for sponsor deliverables. See #6365 for details.

comment:3 Changed 4 years ago by isis

Keywords: SponsorZ removed
Resolution: invalid
Status: assignedclosed

I'm closing this because:

1) We've deleted the password for phobos' account. (#15896)
2) The "Company" component is defunct.
3) Tor Browser has an updater which checks signatures.
4) What ever made you think you'd ever improve the usability of GnuPG in any way? GnuPG is a giant steaming pile of legacy, shit code, and it won't ever be usable, and this situation can't be improved due to its horrible 90s-era internal design (not to mention equally-shitty underlying cryptographic libraries).

Note: See TracTickets for help on using tickets.