top | item 24467271

(no title)

ifmpx | 5 years ago

> You access the the developer's webpage (via a browser and https) and read the installation instructions. They tell you to curl in (over https) some pgp key and some (https) endpoints for finding and downloading the package. > The PGP part of this can be replaced with NOPs and this is no less secure.

That's one of most absurd hyperbolic assertion I've had the misfortune to come across in the whole PGP debate so far. You're clearly not acquainted well-enough with how PGP is being used by linux distributions. That, or you're simply debating this subject in bad faith. Assuming the former: HTTPS is only relied upon to bootstrap keys, like pretty much every other PGP replacement you're willing to advocate for.

I know this may be painful to read for someone working on a PGP competitor, but PGP

* is a standard,

* is successful,

* is widely adopted, and

* will likely remain so for the foreseeable future.

The op and the myriad of new PGP libraries and applications that keep popping up stand testament to this. You'd probably do better to reflect on this fact than to argue and downvote a green account on an old hn thread.

Cheers.

discuss

tptacek|5 years ago

Nobody in this thread is working on a PGP competitor, nor is it acceptable on HN to allege that people are commenting in bad faith the way you just did. Please revisit the guidelines. If your arguments were sound, you wouldn't need to resort to personal attacks. Shore them up.

pvg|5 years ago

I don't understand most of this comment but I suppose at least we've come to agree that you can replace PGP with anything (like a NOP) in this particular use case.