Ask HN: Is it time for a public GPG audit?
94 points by anotherhue on Sept 15, 2013 | 38 comments
With GPG being a common destination for those concerned by the recent privacy revelations, it bothers me a little that I can't find any audit or security review of GPG's codebase.
The Wikipedia page says that a German IT ministry funded a Windows port; the EU Agency for Network and Information Security list GPG as part of their index of tools and claim it's in use by some related parties but don't go so far as to recommend it. Considering that several governments within the EU are allegedly complicit in the SIGINT scandal, I don't think their word counts for much.
GPG is open source, but while the code is readily available, the knowledge and background to determine its security is somewhat rarer. Would you be willing to contribute to a project to fund a public audit of the codebase? If so, what sort of people would you like to see participate?