So this week in class we had a lot of discussion about GPG (Gnu[Gnu’s Not Unix] Privacy Guard) Keys. GPG Keys allow a user to encrypt and sign data, making the data private, as well as acting as a method to ensure that the source of the data is legitimate. A user can generate their own unique (Note: TECHNICALLY two people could receive the same key, but the number of possible keys that can be generated is so astronomically large that it’s basically not even worth considering this possibility) key that they can use to sign their documents, and create a verifiable legitimacy on their end. GPG Keys can provide a very useful service for individuals who need these sorts of features, but isn’t a necessity for users who don’t need this formal verification.
While the digital key is useful once it’s established which key belongs to which user, the process of actually verifying a key is one of the most important steps that gives the key its “value.” This particular element of GPG keys is what I want to focus on for this blog post.
I will happily make an argument for the social aspect of computing and FLOSS collaboration whenever necessary, and in all honesty I have a handful of relevant points to make in support of that position readily available, but I don’t see this culture as a particularly social one. It’s an inherently digital practice that links people together, but the majority of the communication between collaborators is, from what I’ve seen, equivalent to the discussions I’ve had with former bosses at tech companies. It’s purely in pursuit of project completion, and not particularly personal. This, to me, isn’t what I would consider a social interaction, and it seems to make up the majority of interpersonal communication within the FLOSS community. Given this objective-oriented approach to conversation and discussion, I think the idea of a key-signing (although, no keys are being signed, just verified) event is hilariously out of place in the context of FLOSS culture. My intention isn’t to poke fun at the community as a whole, but given the lack of personal communication (as opposed to project-focused communication) I’ve seen when examining the community architecture of a project like Tahrir I find the whole key verification process kind of out of place.
I don’t have any ideas for alternate ways of verifying a user’s key(s), but I think it deserves some thought, not in the context of trying to make key verification a less social task to make it fit in with the rest of the culture as a whole, but instead I think it would be prudent to make the culture more social. There are plenty of FOSS contributors with very social, public-facing communication channels like twitter and facebook, but I think that all those channels are still very internalized to the community itself. It’s not something I had ever come across before enrolling in this class, despite doing some cursory research on FOSS projects in preparation for my future career. I think creating a more social atmosphere for the community can be accomplished in a lot of ways – local meetups that new users are welcome to come along to (most importantly to make sure these spaces are welcoming to new users) are a great example. Hosting events to onboard new users onto Linux-based operating systems and demonstrating that it’s not as intimidating as movies and popular culture makes it out to be.
Again, I’m not sure I have any time or willpower to execute on these ideas at the moment, but at the very least I think it’s a good idea to get the discussion rolling in hopes that we can make the community as a whole more open to new users, because we all benefit from a larger userbase of contributing coders.