| ▲ | ghickPit 2 hours ago | |
> it can be debated whether PGP-in-general is a lost cause too, but that's not what GP is claiming It is though what both the fine article, and tptacek in these comments, are claiming! | ||
| ▲ | Avamander 42 minutes ago | parent [-] | |
They are also correct, but that's indeed not what the person you replied to said. > then why haven't alternatives ^W replacements been produced for decades? Actually we do have alternatives for it. For example Git supports S/MIME and could absolutely be used to sign commits and tags. Even just using self-signed certificates wouldn't be far off from what PGP offers. However if people used their digital IDs like many countries offer, mission-critical code could have signatures with verifiable strong identities. Though there are other approaches as well, both for signing and for encrypting. It's more that people haven't really considered migrating. | ||