On Sat, 2006-04-01 at 11:29 +0100, Stuart Ellis wrote:
On Fri, 2006-03-31 at 13:27 -0500, Paul W. Frields wrote:
> > Click-throughs are passive, people can do them without thought. The
> > sign-the-CLA-with-GPG is active.
>
> But I agree that GPG signing emails is just frills compared with the
> CLA. No reason people should go through that pain if they don't care.
> I've been using PGP/GPG so long that I don't, but it's obviously a
> significant barrier to some people, and since it's not necessary outside
> the CLA, we should remove or demote it like you said. My ~$0.02.
FWIW, when I wrote that line I had a couple of things in mind:
1) Since in practice you need a GPG key and a Linux box to contribute,
and the default GNOME mail client (Evolution) enables GPG with one
setting, signed e-mail is almost free (I thought). Kmail has GPG support
as well, I believe.
Yes, those are both low-drag apps as far as GPG goes.
2) Doing the Right Thing: without some kind of signature, an e-mail
just
isn't trustworthy, even though most people do assume the "From:" field
can be trusted. Which is slightly worrying, and something that I have to
explain semi-regularly as people receive infected or phish mails. With a
project like this, where contributors often only interact through IRC
and e-mail, signed mail is particularly valuable IMO.
Don't get me wrong, I prefer GPG, I just don't want it to be a sticking
point for new contributors.
Of course I hadn't looked at Thunderbird... It appears that the
versions
of Enigmail provided by the developer are often incompatible with
Thunderbird builds provided by Fedora, and there isn't a package in the
Fedora repositories for Enigmail.
I looked into this too and discovered the same thing. I wonder why no
one has packaged it, seeing as how it's so useful? Anyone interested in
doing so?
--
Paul W. Frields, RHCE
http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
Fedora Documentation Project:
http://fedora.redhat.com/projects/docs/