GPG Sync is a recently launched project for managing the
sharing of GPG keys, particularly within an organization. Micah Lee
made the project internally at First Look Media and has now
shared it with the world.
What inspired the creation of GPG Sync?
Since the very beginning of First Look Media we've taken computer
security seriously, and that includes every single employee using
encrypted email. But as an organization that has over 100 employees
at this point, most of whom aren't already computer nerds, I quickly
realized that managing keys is too complicated of a task for every
single person to be required to do. I use GPG Sync to solve this
problem: all of the complexity of key management can be managed by a
small group of techies, allowing our growing user base to use
encrypted email without having to think about the details nearly as
often.
How will people use it?
At First Look Media, we've installed GPG Sync on everyone's
workstations and just let it run in the background, ensuring that
everyone will have everyone else's public keys without having to
think about it. But I think a lot of other organizations will find
it useful as well. I've spoken with people who work for other news
organizations, as well as the non-profit world, who are excited
about implementing it internally there. And I'm personally going to
subscribe to multiple GPG Sync fingerprints lists, so I'll have
trustworthy public keys available for a much larger group of people.
What features do you think really sets GPG Sync apart from similar software?
GPG Sync is really focused on the needs of organizations, while most
other email encryption-related software is focused on the needs of
individuals.
Why did you choose the GPLv3 as GPG Sync's license?
Whenever I decide I want to release some code, I like to default to
GNU GPL so I can lock it open. I'm not opposed to using
permissive licenses like BSD or MIT, but I only use them if I think
there's a compelling reason for them.
How can users (technical or otherwise) help contribute to GPG Sync?
First, start using it! If you're part of an organization where
everyone uses encrypted email -- even if it's just the other people
in your Dungeons and Dragons party -- try setting up a fingerprints
list and have everyone use it. See what you think, and report any
bugs, or suggest features you'd like to see, in the issue
tracker. And if you have programming skills, please take a look
at the issue tracker and make some pull requests. I'm always happy
to merge other people's code into the project.
What's the next big thing for GPG Sync?
I'm not sure yet, but probably I will focus on a port to other
platforms.
Enjoy this interview? Check out our previous entry in this series,
featuring Stefano Zacchiroli of Software Heritage.