On 22/03/2020 16:35, Antoine Beaupré wrote: > > Within less than 24 hours, I get this email offering help.
Hi, Antoine. I'm sorry to hear about the lack of support for your project. It had so many maintainers! I personally only became aware of this when all of my open tickets against monkeysign were forcibly closed. > Besides, if people want a GUI to sign keys, GNOME keysign is pretty much > the state of the art there, as the issue above documents. GNOME keysign looks similar, but AFAICT it requires a "keysign server" on the (mutual?) local network. That seems to be an extreme restriction, and makes it totally useless to me (and I suspect most other people too). It also doesn't see any of my private keys, which is a pretty big blocker. > I have a dev/python3 branch that is the latest work on this, if people > want to take a look. Right now tests hang and I doubt the thing actually > works. I'm not a python programmer and my skills here are probably nowhere near what is required. I certainly wouldn't be comfortable taking the lead on any large porting project, but I would be willing to help out wherever I can. If however you think helping to improve an alternative project is a better use of time and effort, I'll defer to your wisdom. > Part of the problem with monkeysign is it was written before gpgme > gained support for signing keys and dealing with keyrings (and I'm not > sure its support is still good enough). I also didn't find out about the > python-gnupg python library before writing the first spike on a train, > so I ended up rewriting my own wrapper around `gpg --status-fd`, which > was a terrible mistake. > > In retrospect, I consider it's a mistake to write *anything* that talks > with `gpg --status-fd` now. ... > I'm sorry about this. I know it sucks to have a piece of software you > use on a daily basis just disappear from under you. I feel your pain. I've been trying for the past few years to knock together a menu-driven offline-key management interface[1] for PGP CAs, for use in corporate environments. I therefore wanted to make the entire process (for both users and admins) as painless as possible. Monkeysign became a key part of that once I discovered that writing my own flaky wrappers around the gpg command line was duplicating your work. :-) And there is approximately zero chance that I would have developed the camera/qrcode interface myself. If bringing monkeysign back from the dead is too much to ask, then maybe I can work around it using caff - although I will lose much functionality in doing so. GNOME keysign looks to have too many restrictions to be usable (I want to run it on Tails, how on earth does that work?). Any suggestions for workable alternatives will be gratefully received. Sorry again, Andrew. [1] If anyone is interested you can find the barely-functional carcass of the project at https://github.com/andrewgdotcom/frith . Beware that it is embarrassingly amateur, with no test suite, a shamefully monolithic structure and lots of exposed wires. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users