Switch to PGPy - or not?

[BjarniRunar]

This is a discussion issue to capture the pros and cons of switching away from GnuPG entirely, to the PGPy library for our PGP-related cryptography.

[BjarniRunar]

Starting with the cons:

1. GnuPG is very mature and stable. These are important qualities for a cryptography tool.

2. GnuPG support allows us to interoperate (share keys) with other applications. This is valuable to power-users and people who are already using GPG and just want to "upgrade" their mail client to Mailpile.

3. GnuPG support allows us to defer and delegate a lot of low level technical things to the existing GnuPG ecosystem. We don't have to provide tools within Mailpile for import/export of keys and such things, since we can just tell people to "read the GnuPG docs".

4. Memory/process separation/compartmentalization is good engineering. Letting an external GnuPG process handle the secret key material and crypto operations is a good architecture both for security and performance.

[BjarniRunar]

Pros for PGPy:

1. Our packaging and installation story will be greatly simplified, as we won't have to a) rely on the right versions of GnuPG being preinstalled or b) package and ship GnuPG ourselves.

2. Since PGPy is designed as a library from the start (not an application), we will be able to use a well designed API without pulling in GPGME (see Use GPGME - or not? #1742).

3. We won't have to do battle with GnuPG's internal trust models or worry about conflicts with the user's settings in gpg.conf (users can trivially break Mailpile if they decide to turn on all of GnuPG's bells and whistles).

[JackDca]

Pro PGPy: the present architecture in which an external program is executed by a Python wrapper feels kludgy so it's natural to want to "clean up" that complexity. For "neat freak" programmers (like me) that's a powerful argument.

Pro GnuPG: It seems to me that GnuPG is more widely accepted than PGPy - for better or worse, it's the "gold standard". If the objective is (as mine is) to see Mailpile widely accepted, so as to facilitate and promote wider use of end-to-end email encryption, so as to reduce the impact of mass surveillance, then that is important. (Related question: How quickly is PGPy patched if and when vulnerabilities are found?)

Pro GnuPG "for v.1.0". From the point of view of a project manager, a PGPy switch feels like "mission creep". Mailpile is already close to functional. (It IS functional for power users.) Something like a switch to PGPy always takes more work and more testing than anyone expects. The advantages of PGPy are obvious up front, the problems only become clear when you encounter them. A better plan is to get v.1.0 out there (i.e. with a reasonably simple installation procedure on widely used platforms like Windows and Mac), Go for streamlining and de-kludging, possibly including PGPy, in v.2.

Just my opinion.