The community fringe (was GPGMEPP)

[Robert J. Hansen]

> I'm not sure why you are posting this here instead of patching this up 
> and creating a PR.

A couple of solid ones.

1. Do I understand things correctly? We're not talking about a bug fix, 
we're talking about architectural and API changes. These are not things 
to be done lightly. Discussing proposed changes before going through the 
work of implementing them is generally a better option.

2. I'm a former government-funded digital forensics researcher who has 
delivered research results at NSA. That's enough to make me permanently 
suspect in the eyes of some people in the community. For this reason I 
don't touch the code. I don't want anyone who might be thinking of using 
GnuPG decide "no, no, I can't trust it, they accept patches from people 
with NSA ties."

#2 also has a disturbing aspect of there are people in this community 
who are clinically paranoid and mentally ill. 95% of these people are 
harmless victims of a terrible mental illness who deserve our love, 
support, and understanding.

5% of these people send me unhinged emails threatening my life.

=====

If you are legitimate, wait three days for me to cool down you asshole. 
I have sat here and tolerated the pandering to Windows people the Gnu 
people have been telling Microsoft people are stupid long enough. 
Personally, these statements by you are TOTALLY out of character to 
***EVERYTHING*** I have heard from Werner Koch and others say for years. 
  I have assumed all during this time that Werner and the others are 
much more intelligent than me (true).  I have also assumed that they are 
so busy that they haven't had time to do much of anything else (that I 
don't know the truth of).  I don't give a damn how many people have 
signed your god-damn keys. THAT IS WHY I SAY, IF YOU ARE A GOD-DAMN FBI 
AGENT YOU GO TO HELL!!!  I WILL KILL YOU, YOU SON OF SATAN!!!  This 
message is signed and encrypted. Take it for what it is worth.  If the 
filthy United States would allow me to adopt my nom-de-guerre as 
legitimate legal alias I would do so and MAYBE (*JUST* *MAYBE*) the 
signing of this message would have more meaning to you.  I doubt it though.

=====

Really, folks, that's what some users send me. That's about one-sixth of 
the complete email, which is … well, much the same as that excerpt. That 
guy also dug up my home address, my employer, and my phone number. I had 
to get the police involved and it was a bad experience for everyone.

Also remember that when the SKS keyserver network was poisoned by 
certificates sporting hundreds of thousands of spurious signatures, that 
was almost certainly done by someone who believed they needed to "save 
the GnuPG ecosystem". The fact they used the certificates of Daniel Kahn 
Gillmor and myself to wage this attack also tells you who this deranged 
person thought GnuPG needed to be saved from. The more I touch the code, 
the more the nutcases like the key-poisoner are incentivized to act.

So, yeah. As a general rule I don't touch the code unless explicitly 
invited. I don't want to cause anyone to lose faith in GnuPG, and I 
don't want to provoke the crazies into "saving GnuPG".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251107/41a9002a/attachment.sig>