An Op-Ed piece from ArsTechnica:
Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."
In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.
(Score: 2) by jmorris on Monday December 26 2016, @09:56PM
Delivered through platforms hostile to it. All iOS and any Android apps from Play are signed with the Apple or Google key + the developer key. Build all the binaries you want, it won't install (by the time you are done describing side-loading you have lost 99% of the audience) and if you read the article Signal "discourages" third party applications (which would include any outside build of the 'open source' that annoys them) from interfacing with their servers. When builds show up on f-droid.org I'll try it.
(Score: 2) by hemocyanin on Wednesday December 28 2016, @03:03PM
Fair point.