| 16 Jul 2021 |
 andi- | I am not defending GPG... | 13:49:05 |
 @grahamc:nixos.org | yeah | 13:49:09 |
| @grahamc:nixos.org | I'm trying to think about what my position is here :P | 13:49:20 |
| andi- | TPMs in systems like Windows or MacOS are probably something ~15 engineers at either company understand and maintain. None of the millions of users has knowledge about them to use BitLocker or FileVault. | 13:50:07 |
| @grahamc:nixos.org | yes! | 13:50:16 |
| @grahamc:nixos.org | 100% | 13:50:19 |
| andi- | With GPG everyone has some wrong assumption on how it works but it works somehow (most of the time?) | 13:50:27 |
| @grahamc:nixos.org | the complicated bad stuff of GPG that I hate is:
- people don't know how to use it safely
- it is easy to do something catastrophically bad
- the lifecycle of the keys is "I dunno whatever"
| 13:51:51 |
| andi- | Like I was asked what kind of file encryption we (day job) could use for exchanging sensitive documents with a partner... The partner proposed GPG because their enterprise security department says it is secure. Nothing else is acceptable as it hasn't been audited. Something like age wouldn't even be considered even if it is simpler and better suited for the process :/ | 13:52:06 |
| andi- | And I think with "audited" they don't mean having read the GPG code... | 13:52:38 |
| @grahamc:nixos.org | hahaha no chance | 13:52:43 |
| andi- | Hell, I'd probably propose just using openssl CLI instead of GPG... | 13:53:04 |
| @grahamc:nixos.org | oh and 4. people pretend like mere mortals could use it | 13:53:13 |
| @grahamc:nixos.org | at least with a TPM nobody is expecting regular people to actually interact with it | 13:53:33 |
