tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/1402-autodownload-autopublish-keys-from-key-serverGPGTools: Discussion 2018-10-18T19:53:03Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-12T11:46:59Z2012-06-12T12:02:07ZAutodownload / autopublish keys from key-server?<div><p>Hey Holmes,</p>
<p>this functionality is still missing and we are aware that this
is a much requested feature. We will most likely implement it in a
later version of GPGMail.</p>
<p>All the best,<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-12T22:45:42Z2012-06-12T22:45:42ZAutodownload / autopublish keys from key-server?<div><p>Just made a big awesome donation, in lieu of a sloppy kiss.</p>
<p>--Holmes</p></div>Holmes Wilsontag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-12T22:51:23Z2012-06-12T22:51:23ZAutodownload / autopublish keys from key-server?<div><p>Hi Holmes,</p>
<p>wow, thank you so much! We're having some very cool ideas for
making exchanging keys as easy as possible in our pipeline and
contributions such as yours will help making them happen!</p>
<p>Thank you!</p>
<p>If you're interested we'll put you on a list of people receiving
pre-release versions of GPGMail for Mountain Lion, that's the least
we can do.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-12T23:24:35Z2012-06-12T23:24:35ZAutodownload / autopublish keys from key-server?<div><p>I'm gonna be super cautious about upgrading this time… I
feel like my computer is still worse than it was when it had Snow
Leopard. And new OS X released used to be like Christmas!</p>
<p>Anyway, I had a marketing idea for you too.</p>
<p>Let's make an awesome GPG landing page that detects platform and
offers everyone an easy path to getting up and running. And then
let's get all the GPG plugins / apps to (optionally, but by
default) include some awesome, tested line in the signature.</p>
<p>I'm really interested in mainstreaming privacy tools (making the
OTR for email) and I think the work you guys are doing is totally
the closest to this. So I'm excited to help in any way I can. This
is my day job: <a href=
"http://fightforthefutu.re/">http://fightforthefutu.re/</a> :)</p>
<p>--Holmes</p></div>Holmes Wilsontag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-12T23:31:26Z2012-06-12T23:32:58ZAutodownload / autopublish keys from key-server?<div><p>Hi Holmes,</p>
<p>we should totally talk about this.<br>
It's our main goal to make privacy tools as easy as possible and
we've started with completely re-imagining GPGMail 2.0 for
Lion.<br>
It's still a long way to go and we'll have to find a way to finance
the development in order to continue working on it and putting even
more hours into it, but that's what we absolutely wanna do.</p>
<p>I really like the idea of the GPG landing page and it would be
very easy to implement. If we could bring the gpg.org owner on
board, that'd be fantastic.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-24T08:34:28Z2012-06-24T08:34:28ZAutodownload / autopublish keys from key-server?<div><p>Sorry for the slow reply.</p>
<p>So the next step would be: landing page + "email signature"
campaign?</p>
<p>Tell me more about what you're thinking for GPGMail 2.0!</p>
<p>--Holmes</p></div>Holmes Wilsontag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-25T09:36:25Z2012-06-25T09:36:25ZAutodownload / autopublish keys from key-server?<div><p>All,</p>
<p>As to the first comment/feature request of Holmes, I would very
much like to keep the possibility to NOT publish keys and to NOT
automatically retrieve/upload/download/update keys.<br>
Lots of people I know think the same, as some do not want there (or
not all of there) keys to be published.<br>
So, nice feature in itself, but please keep it optional or
configurable.</p>
<p>Karel</p></div>karel.groottetag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-25T09:44:27Z2012-06-25T09:44:27ZAutodownload / autopublish keys from key-server?<div><p>Hi Karel,</p>
<p>there will always be an option to opt-out, but it will most
likely be on by default to make it easier for new users to get
started.</p>
<p>But would you mind elaborating some of the reasons why you'd not
want to have these feature "just work"?</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-25T09:58:22Z2012-06-25T10:01:00ZAutodownload / autopublish keys from key-server?<div><p>Hi Luke,</p>
<p>Default could be tricky, as with installation you are asked to
create a key. In that process give the user the chance to NOT
upload that key (checkmark e.g.)<br>
Some reasons might be:</p>
<ul>
<li>Sharing keys only within a limited group of people or within an
organization. There is no need to share outside that group.</li>
<li>Uploading the keys to a public keyserver could give away
essential information on users, emailaddresses, organisations, who
you know, trust etc.</li>
<li>Some keys are for internal use only, to encrypt data e.g. Also
no need to share that key. (Note, PGP is not only used to sign or
encrypt emails.)</li>
</ul>
<p>Maybe it sounds paranoia, but then again, we use GPG because we
<em>are</em>...<br>
Karel</p></div>karel.groottetag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112012-06-25T10:05:01Z2012-06-25T10:05:01ZAutodownload / autopublish keys from key-server?<div><p>It's true, if no key exists on installation a new key is
proposed to be created<br>
which is later uploaded. That's based on our assumption that
advanced or longtime gpg users already have a key and thus this
option makes it easier for new users.<br>
Of course, that might not always make sense, and it makes sense to
add a chance to prevent the key being uploaded automatically (I'd
rather see it as a default-checked checkbox in the key creation
dialog)</p>
<p>The reasons you're mentioning are all perfectly valid and we'll
be sure to take them into account. Thanks!</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112013-03-09T04:46:17Z2013-03-09T04:46:17ZAutodownload / autopublish keys from key-server?<div><p>Hey Luke--</p>
<p>Following up on this. When I email somebody, why doesn't
GPGtools automatically look up the key they are publishing to the
key server and let me encrypt the messsage?</p>
<p>Also, you guys should totally include a link in the signature to
a page that tells people how to use GPG on their platform.</p>
<p>--Holmes</p></div>Holmes Wilsontag:gpgtools.tenderapp.com,2011-11-04:Comment/165813112013-03-28T16:08:03Z2013-03-28T16:08:03ZAutodownload / autopublish keys from key-server?<div><p>We've a ticket for this now. Please subscribe to the ticket if
you want to be notified of changes being made in regards to this
issue:</p>
<p><a href=
"https://gpgtools.lighthouseapp.com/projects/65764/tickets/465-provide-the-option-to-download-the-key">
https://gpgtools.lighthouseapp.com/projects/65764/tickets/465-provi...</a></p>
<p>I'm closing this discussion for overview purposes. Feel free to
open a new discussions should you run into further problems or need
assistance.</p>
<p>Concerning the signature: You can always add a link to <a href=
"https://gpgtools.org">https://gpgtools.org</a></p>
<p>Best, steve</p></div>Steve