Re: [Evolution] Evolution/GPG

[Ralf Mardorf <silver bullet zoho com>]

On Sun, 2016-02-21 at 16:48 +0000, Pete Biggs wrote:
> > Just for the files: What more would I do to see Stig's signature as
> > valid for further mails ?
> You would need to sign it to say that you verify that you know that
> the signature belongs to him.  Which is not advisable if you don't
> know that for certain - since it creates faults in the web of trust.

At this point the usage of gpg becomes dangerous.

Ten days earlier:

https://mail.gnome.org/archives/evolution-list/2016-February/msg00118.html

Let's repeat it:

Since gpg can't solve issues caused by the users, going without gpg is
much more secure, than using gpg without understanding it. It isn't a
magic tool. Users unwilling to read available information or unable to
understand it, don't get the needed knowledge by continuing asking
questions, when they notice something unexpected. Such a user should be
aware to miss a lot, so this user, in this case the OP, won't ask all
needed questions. If a user doesn't read available information and is
just asking, after noticing something, this user should become aware
that what is noticed, likely is just the tip of the iceberg of missing
knowledge.

I strongly recommend not to use gpg, unless having an broad
understanding, obtained by hard learning.

The OPs questions are on a level compared to asking what menu needs to
be clicked to delete a browser history or what to do, to use the rm
command recursively. To understand gpg, this is the wrong approach.
Usage of gpg can not be learned in the same way as it's possible to
learn how to use a browser or a command line tool for averaged needs,
it's required to understand gpg completely, not only one part of it,
that is required for a moment.

GPG is not just some other software that allows to cheat one's way
through. This can be done for a browser, editor, music player, but not
for security.

Regards,
Ralf