GnuPG is now financially self-sustaining
Longtime GnuPG maintainer Werner Koch has posted an change on the project,
largely eager by the unusual linked “GnuPG VS-Desktop” enterprise that is,
it appears, going fairly effectively:
For hundreds of years our work used to be essentially financed by donations and smaller
projects. Now we have reached a level where we can gain pleasure in a
continuous earnings circulate to attain and prolong the system without
asking for donations or grants. Right here’s fairly a brand unusual journey to us
and I am essentially a bit proud to manual one of the few self-sustaining
free system projects who had now to now not sacrifice the needs of the
hasten.
He concludes with a demand for participants who were donating to GnuPG
to redirect their generosity toward one other deserving project. Right here’s
fair news; GnuPG ran on a shoestring for plenty too prolonged.
| From: | Werner Koch via Gnupg-devel |
|
| To: | gnupg-allege-AT-gnupg.org | |
| Topic: | [Announce] A Novel Future for GnuPG | |
| Date: | Mon, 03 Jan 2022 08: 19: 26 +0100 | |
| Message-ID: | <871r1p1e2p.fsf__49588.9554427535$1641194935$gmane$org@wheatstone.g10code.de> | |
| Cc: | Werner Koch |
Whats up and a Delighted Gnu 300 and sixty five days! It has been fairly some time since my last home whisper on GnuPG. I were fairly busy working on the project nonetheless unfortunately rarely ever active on the frequent channels. So, here's a brand unusual whisper telling what we did over the last two or three years. Please learn at the least the last allotment. A web model of this article is on hand at https://gnupg.org/weblog/20220102-a-unusual-future-for-gnupg.html Some background =============== Within the starting achieve GnuPG used to be a relaxing project I did in my spare time. After a couple of years this modified into out to be a fleshy time job and it used to be imaginable to originate paid projects to attain and extra produce GnuPG. When the BSI (Germany's Federal Living of job for Info Safety) migrated reduction from Linux to Windows, a must migrate their discontinue-to-discontinue encryption solution, per GnuPG and KMail, used to be wanted. A requirement bids for an Open Source solution used to be issued and our firm, g10 Code, along with our associates at Intevation and KDAB purchased the contract. The consequence used to be Gpg4win, the within the meantime usual distribution of GnuPG for Windows. It modified into out that the system broken-down in Germany to present protection to restricted recordsdata at the VS-NfD diploma, called Chiasmus, showed its age. For instance, the block length of 64 bits (love IDEA or 3DES) is now now not anymore obtain for recordsdata of better than 150 MiB. Additionally the secret encryption algorithm has now now not anymore the conceitedness folks broken-down to have in it and attributable to missing hardware toughen it is far reasonably slack. A unusual call to expose for a replacement of that system used to be issued and we moreover with Intevation were granted the contract. Our solution used to be to change GnuPG and its frontends Kleopatra and GpgOL. After some thorough evaluate of our system (working title /Gpg4VS-NfD/) and the frequent bureaucratic we purchased a significant approval in January 2019. Meet GnuPG.com ============== I were working with Andre Heinecke of Intevation GmbH since about 2010 on Gpg4win and some utterly different projects. With the foreseeable approval of /Gpg4VS-NfD/ Andre then left Intevation and took over 40% of the g10 Code shares from my brother (I am maintaining utterly different 60%). We began to acquire a true product out of /Gpg4VS-NfD/. Thus we rented a brand unusual utter of enterprise to work desk by desk on this and employed workers for gross sales and marketing. We launched the stamp /GnuPG.com/ to have a closer recognition of our product than by our obedient title /g10 Code GmbH/. The system itself used to be re-branded as /GnuPG VS-Desktop®/ and dispensed as an MSI packet for Windows and as an AppImage for Linux. With the exception of for customer particular configuration recordsdata /GnuPG VS-Desktop/ is and would possibly maybe maybe repeatedly be Open Source below the GNU Typical Public License. We moreover achieve maintaining /Gpg4win/ because the community model. Right here's per the the identical source code as /GnuPG VS-Desktop/ nonetheless comes with more aspects attributable to using the most new style department. The advantages for the customer to pay for /GnuPG VS-Desktop/ are: a industrial toughen contract, the guarantee of a prolonged bustle maintained and licensed model, customization strategies, community tested unusual aspects, and the per-approval required vendor for security updates. Additionally technically printed for longer, it modified into entirely last year broadly known, that the legacy Chiasmus system can also now now not anymore be broken-down for restricted communication from this year on. For the administration and moreover for the industry two choice exist emigrate away from Chiasmus: the proprietary GreenBone system from /cryptovision GmbH/ and our Open Source system /GnuPG VS-Desktop/. The flee in direction of GnuPG VS-Desktop ================================= Since summer 2021 the telephones of our gross sales team did now not discontinue ringing and we can also lift within the fruits of our work. We weren't conscious how many utterly different governmental businesses exist and how a amount of them have a necessity to present protection to recordsdata at the VS-NfD (restricted) diploma. And with these businesses moreover comes a mountainous deepest and corporate sector who moreover have to address such communication. Even supposing we toughen S/MIME, the majority of our customers determined in prefer of the OpenPGP protocol, attributable to its higher flexibility and independence of a centralized public key infrastructure. A minor plot back is that for a fast launch and simple migration from Chiasmus, many web sites will remark symmetric-entirely encryption (i.e. per "gpg -c"). Nevertheless, the now deployed system offers the foundation to transfer on to a gratified public-key solution. In particular, our now silent integration into Challenging Itemizing makes working with OpenPGP below Windows essentially tremendous. We were moreover in a position to accomplice with Rohde & Schwarz Cybersecurity GmbH for a silent integration of GnuPG VS-Desktop with their smartcard administration system. We estimate that a quarter million locations of work will be equipped with GnuPG VS-Desktop and provide the users utter of the artwork file and mail encryption. Our longer term thought is to equip all public agency locations of work with discontinue-to-discontinue encryption system - now now not entirely these with a straight need for an licensed VS-NfD solution. This ought to nonetheless moreover match effectively into the launched aim of the unusual German government to foster the come of Open Source. Kudos to all supporters ======================= For hundreds of years our work used to be essentially financed by donations and smaller projects. Now we have reached a level where we can gain pleasure in a continuous earnings circulate to attain and prolong the system without asking for donations or grants. Right here's fairly a brand unusual journey to us and I am essentially a bit proud to manual one of the few self-sustaining free system projects who had now to now not sacrifice the needs of the hasten. These of you with SEPA donations, please stop them and redirect your funds to utterly different projects which are more fast of monetary toughen. The Paypal and Stripe essentially essentially based recurring donations have already been canceled by us. All you supporters seriously helped us to attain GnuPG alive and to in the end setup a sustainable style mannequin. *Thanks!Salam-Shalom, Werner p.s. Right here's an announcement entirely mailing list. Please send replies entirely to the gnupg-users at gnupg.org mailing list. p.p.s List of Open Signing Keys: To guarantee that a downloaded GnuPG model has now now not been tampered by malicious entities we provide signature recordsdata for all tarballs and binary variations. The keys are moreover signed by the prolonged bustle keys of their respective owners. Latest releases are signed by a lot of of these four keys: rsa3072 2017-03-17 [expires: 2027-03-15] 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28 Andre Heinecke (Open Signing Key) ed25519 2020-08-24 [expires: 2030-06-30] 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA Werner Koch (dist signing 2020) ed25519 2021-05-19 [expires: 2027-04-04] AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD Niibe Yutaka (GnuPG Open Key) brainpoolP256r1 2021-10-15 [expires: 2029-12-31] 02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208 GnuPG.com (Open Signing Key 2021) The keys are on hand at https://gnupg.org/signature_key.html and in any fair as of late launched GnuPG tarball within the file g10/distsigkey.gpg . Expose that this mail has been signed by a special key. -- g10 Code GmbH -=- GnuPG.com -=- AmtsGer. Wuppertal HRB 14459 Bergstr. 3a Geschäftsführung Werner Koch D-40699 Erkrath https://gnupg.com USt-Identity DE215605608 _______________________________________________ Gnupg-allege mailing list Gnupg-allege@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-allege _______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-devel
(Log in to put up feedback)
