Slashdot Mirror


GPG Programmer Werner Koch Is Running Out of Money

New submitter jasonridesabike writes "ProPublica reports that Werner Koch, the man behind GPG, is in financial straits: 'The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.'" (You can donate to the project here.)

10 of 222 comments

  1. Latest update by Anonymous Coward · · Score: 5, Informative

    From the linked article:

    Update, Feb. 5, 2015, 5:55 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations have also poured into Werner Koch's website donation page to the tune of nearly $50,000 so far.

    1. Re:Latest update by gwolf · · Score: 4, Informative

      You should really update your key. A 1024D key with a SHA1 primary signing algorithm is no longer considered safe.

      (Data point: We did quite a bit of work in Debian to migrate to 2048R with SHA256)
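Added example, not part of the thread and not Debian's tooling: a check for the weakness described in the comment above (a 1024-bit DSA primary key whose self-signature uses SHA-1), run over `gpg --list-sigs --with-colons` output. Field positions follow GnuPG's doc/DETAILS; the key IDs, dates and the 2048-bit threshold are assumptions, and the listing is constructed.

```python
# Audit `gpg --list-sigs --with-colons` output for short keys and weak self-signature digests.
# Colon-format fields (1-based, per GnuPG doc/DETAILS):
#   pub: 3 = key length, 4 = public-key algorithm, 5 = key ID
#   sig: 4 = algorithm, 5 = issuer key ID, 16 = hash algorithm
PUBKEY_ALGOS = {"1": "RSA", "17": "DSA"}           # size check applies to these only
HASH_ALGOS = {"1": "MD5", "2": "SHA1", "8": "SHA256", "9": "SHA384", "10": "SHA512"}
WEAK_HASHES = {"MD5", "SHA1"}
MIN_BITS = 2048  # assumption: the 2048R migration target named in the comment

# Constructed sample: an old 1024D key, and a 2048R key that the old key has certified.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1104537600:::-:::scESC:
sig:::17:AAAAAAAAAAAAAAAA:1104537600::::Old Key <old@example.org>:13x:::::2:
pub:-:2048:1:BBBBBBBBBBBBBBBB:1388534400:::-:::scESC:
sig:::1:BBBBBBBBBBBBBBBB:1388534400::::New Key <new@example.org>:13x:::::8:
sig:::17:AAAAAAAAAAAAAAAA:1388534500::::Old Key <old@example.org>:10x:::::2:
"""

def audit(listing):
    """Return {key_id: [findings]} for each primary key with at least one finding."""
    findings, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 5:
            current = f[4]
            bits = int(f[2] or 0)
            # ECC algorithms report small bit lengths by design, so skip unknown IDs.
            if f[3] in PUBKEY_ALGOS and bits < MIN_BITS:
                findings.setdefault(current, []).append(
                    f"{bits}-bit {PUBKEY_ALGOS[f[3]]} primary key")
        elif f[0] == "sig" and len(f) >= 16 and f[4] == current:
            # Only self-signatures bind the key to its user ID and preferences;
            # third-party certifications are ignored here.
            digest = HASH_ALGOS.get(f[15], "hash " + f[15])
            msg = f"self-signature uses {digest}"
            if digest in WEAK_HASHES and msg not in findings.setdefault(current, []):
                findings[current].append(msg)
    return findings

if __name__ == "__main__":
    for key_id, problems in audit(SAMPLE).items():
        print(key_id, "->", "; ".join(problems))
```

Older GnuPG releases may omit field 16 on `sig` records; such lines are skipped by the length check rather than reported.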

    2. Re:Latest update by swillden · · Score: 4, Informative

      Holy Hell, I hope you mistyped something!

      He didn't, and he's right, and there's nothing wrong with what he's doing.

      The key in question isn't a login authentication credential used to access large numbers of machines. It's the key used by Debian systems to verify that they trust software packages from Debian. Note that all Debian software packages are installed as root, and run scripts as root during the installation process. Many Debian software packages include binary code that is run as root during normal usage.

      This means that an attacker with the signing key and access to the download servers can create packages that run whatever code he likes on every machine that installs them, as root. If he picks packages that every running Debian system has to have, he can control all well-maintained machines within a few days. That would be hundreds of thousands, maybe millions, of machines, not thousands.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. Re:Hal Finney by cheesybagel · · Score: 4, Informative

    Wrong. PGP was created by Phil Zimmermann and Hal Finney was the second developer they hired. GnuPG is an open-source reimplementation of the PGP standard written by Werner Koch.

  3. Re:Wrong Koch by bobbied · · Score: 5, Informative

    Too bad, I know of two of his relatives who have more money than they know what is morally correct to do with.

    You mean donating $100 million to help build up a hospital in New York isn't morally a good thing?

    http://freebeacon.com/blog/koch-brother-donates-money-to-hospital-liberals-protest-not-a-parody/

    Another $100 Million for Cancer Research at MIT.

    Another $25 Million for Cancer Research at MD Anderson in Houston, TX.

    Then there are donations to the Arts, National Museums and believe it or not *environmental* projects which are on record...

    Yea, these Koch brother guys are the scourge of the earth all right, spending all that money on such bad things...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  4. Re:Wrong Koch by Anonymous Coward · · Score: 0, Informative

    Gates is using his money to protect US intellectual property. To get money from him they have to agree to not use cheaper copies of patented drugs. The patented drugs usually cost over 10x as much.

  5. Ah hell why not by gatkinso · · Score: 1, Informative

    20 euro for you

    --
    I am very small, utmostly microscopic.
  6. Re:Wrong Koch by Anonymous Coward · · Score: 5, Informative

    The goodness of their philanthropy does not excuse their usurpation of the 'Democratic Republic', the USA. They are part of the reason the US is now a Corporate Oligarchy!

  7. S/MIME called .. it wants its something something by ModernGeek · · Score: 3, Informative

    I switched to S/MIME because of the easy ability to have a third party sign your key, and the recipients recognize it; utilizing a similar web of trust that we use for SSL. Sure it isn't perfect, but it's a good platform. All the major mail clients support it as well. Unless you're really worried about privacy, it's good enough.

    However, I feel it's the duty of large corporations that profit from the efforts of men like Werner Koch to hire, retain, and support these people, and allow them to freely continue their research. If not through employment, then through grants.

    <joke>I guess he shouldn't have sold all his Radio Shack stock</joke>

    --
    Sig: I stole this sig.
  8. Re:No, he's not by Enigma2175 · · Score: 3, Informative

    PGP has brought incredible value to people, and thus its inventor should be rewarded properly.

    However, this person is not the inventor of PGP, Phil Zimmermann is. Koch just wrote an open source program that complies with the OpenPGP RFC. This is certainly valuable and I do think that the community receives sufficient benefit from this program to support it financially, but Koch isn't an inventor, he is a programmer that implemented a public standard.

    --

    Enigma