-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Good afternoon, folks! Just a quick reminder: PGP isn't dead. Sign with pride!
Signed with my GPG key: 1BBD C23D 1853 255D 6415 D2EC 814E DF85 1AAB 370E
#OpenPGP #GPG #Cybersecurity #Tech #DigitalIdentity #SignYourCode
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTHaQ+iFRwfaXx+TxhjUbpCCVDiNAUCZ7cd5gAKCRBjUbpCCVDi
NOZSAPoDPFoZXKuxya98iY6nAV6hzgOghpqF/OtOVSW4qtEdMQEA3x/jqaD4R9vo
qi89wA4Hsd4KeqwTSQxKDECesI+W8QU=
=3gty
-----END PGP SIGNATURE-----
Loading Client Manager...
XMPP> connect
XMPP Connect - JID> demo@domain.tld
XMPP Connect - PWD> 123456
XMPP> Client has been connected with XMPP Server
XMPP> presence
XMPP> message
XMPP Message - JID> stefan@domain.tld
XMPP Message - Text> Hallo! Das ist ein Test :)
XMPP> Message from stefan@domain.tld/Coffein: Hallo. Die Nachricht ist angekommen.
g_signal_connect_object(connection, "connected",
G_CALLBACK(cxmpp_connected), connection,
G_CONNECT_SWAPPED);
g_signal_connect_object(connection, "new-contact",
G_CALLBACK(new_contact), connection,
G_CONNECT_SWAPPED);
g_signal_connect_object(connection, "new-chat-message",
G_CALLBACK(new_chat_message), connection,
G_CONNECT_SWAPPED);
Introducing WKD Tester – a free, open-source tool for testing OpenPGP Web Key Directory implementations! I built it to help out with the Keyoxide project, making it easier to generate lookup URIs and discover keys on the fly. Check it out at https://wkd.chimbosonic.com.
Isn't it poetic and ironic that out of all possible time lines we are in one where #securejoin #openpgp protocols on top of the existing #email protocols offer the arguably most solidly scaling, useable, world-wide federated end-to-end encrypted messaging reality, safe against compromised #mitm servers? Hundreds of billions spend to create "the email successor" and here we are in 2025 .... #interoperable #email and #cryptography as the tortoise looking at Achilles through the back mirror :)
It's no slight on the #Python maintainers that the #OpenPGP system is inadequate. They have correctly sounded the alarm, they're right that the system has lots of problems and should be replaced.
What I do fault the Python maintainers for, is dismissing valid concerns about GitHub and Google, by recommending them as replacement. If we don't have an open replacement, that's bad, but that doesn't justify vesting trust in proven untrustworthy entities.
I’m *trying* to like #Python again, but PEP-761 requires #sigstore. #OpenPGP key management has issues, but this requires trusting #openidconnect from #Google & #Microsoft. Plus there’s a stated design goal of supporting automated signatures from private keys held by #GitHub.
Easier? Probably. Safer? Probably not. Security is about trust and the required certificate authorities haven’t earned mine over the past 20 years. As always, YMMV.