
Python-GnuPG - happy-go-lucky
https://github.com/isislovecruft/python-gnupg
======
gkya
The source of the fork is this:
[https://bitbucket.org/vinay.sajip/python-gnupg/](https://bitbucket.org/vinay.sajip/python-gnupg/).
I don't get why the fork was done as this repo seems active.

~~~
someheavyocean
Knowing the general open source community, the fork was made because the
original is not on GitHub. Unfortunate.

The biggest selling points are "security patches, extensive documentation, and
extra features". Shame these weren't just contributed upstream.

~~~
gkya
I really dislike the monopoly that GitHub has in many parts of the industry,
it subtracts from the value of git and the like. Also so many package
managers etc. are tied to GitHub, which is a shame because there are no
guarantees that it'll continue to exist or not ever be sold to an indecent
investor.

------
antoncohen
It is really unfortunate that a library is licensed under the GPL. It means
any released software that uses this also has to be GPL, which restricts the
freedom of the downstream developer from making their own software be licensed
under their preferred license. This library calls out to the gpg binary, so
there is no reason it has to be GPL.

~~~
lksewpnseiq
Yes, that is the whole point...

~~~
eriknstr
For a library LGPL would be a better choice than GPL.

~~~
tanderson92
Evidently not, as the author of the library chose GPL.

~~~
eriknstr
Any time someone makes a choice, that is automatically the correct choice.

It never happens that someone makes a choice, like what license to use,
because they are only familiar with a subset of all choices, or because they
have been misinformed or have misunderstood something.

Right?

~~~
tanderson92
Right, it is better to speculate without evidence that the author made a
mistake rather than rest on the default position that what they did is what
they knowingly intended.

------
burgerdev
Standard approach to fix bugs in libraries: 1. fork it 2. fix it 3. post to HN
4. profit. Seriously, I hope this was reported to the original author
beforehand.

------
kaizoku_
Might I suggest a library that doesn't call out to system binaries and
wouldn't be subject to shell injection by design?
[https://github.com/SecurityInnovation/PGPy](https://github.com/SecurityInnovation/PGPy)

