[Gpg4win-users-en] FYI: Digital Security Software Bug Hunt at RightsCon

Bernhard Reiter bernhard at intevation.de
Wed Feb 19 09:47:04 CET 2014

Hi Samir,

On Tuesday 18 February 2014 at 16:46:43, Samir Nassar wrote:
> My personal goal is to find ways to convince funders that there is
> important work to be done in, what I consider to be, bread and butter of
> digital security software and that fixing software such as contained in
> GPG4Win is far more important than investing in t

(that sentence seems to be ending early, 
I am interested how it will continue :))

the goal is very nice and I agree to it, as there is a lot of basic
work to be done in tool which overall would not be that expensive to do,
but where no working model of financing exists. And this mainly affects
low level librares like GnuPG or software where the broad public has
a very strong interest in, like Gpg4win.

> I am reaching out to you gpg4win users to help me highlight what you
> consider pressing issues in the software collection that is GPG4Win.

We know that there are many shortcomings within in Gpg4win, 
if you look at it, 2.2 from last year was only a small improvement
funded by a grant and 2.1, where a little bit more work was done,
is three years ago. The last major interface overhaul was started 
about 2007 leading to version 2 in mid 2009.

The people active with Gpg4win have learned a thing or two since then,
but the problem stays funding. We have collecting issues in some of the 
trackers linked from http://gpg4win.de/reporting-bugs.html
And we are trying to collect some improvement suggestions with design ideas
here as well:
STEED again is something that would help adoption of end-to-end
email security a lot.

> Highlight an issue that you think needs improvement or fixing.
> What kind of usability fixes need fixing, how, and what costs are involved?

Too many to list them individually, serious funders can get offers from 
Intevation/g10code and as will certainly understand, creating these offers 
and somewhat reliable cost estimations is a large amount of work in itself.
This is why we cannot just do it for all of them.

> Do you need and want better translations? Are you getting them?

I think the translation situation of GnuPG and Kleopatra itself is quite nice.
Gpg4win would need some more software development to make use of some of the 
available translations for Kleo and it would need testing and issue fixing 
with even more localized versions of windows. We were getting some nice
feedback during our 2.2 development where we have asked users to report
internationalisation issues. At that point of time we had hoped for more 

> What are some of the time and work costs to fix a feature or improve a
> workflow in something like Kleopatra or GPGOL?

Let me get back with some examples on this point.

> Am I wasting your time? Maybe there isn't a problem at all.

You are spot on, there are many, many issues with Gpg4win!

So why do we still ship it?
Because we want to make as much available as there is
and despite a lot of known possible improvements
Gpg4win can be very useful, 
sometimes is even the best tool for the job. 

Best Regards,
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20140219/59de9783/attachment.sig>

More information about the Gpg4win-users-en mailing list