1. a lack of good support via an API/libraries (the standard way to communicate with it seemed to be shelling out to the binary and trying to parse its output
for a long time)
2. terrible UX, especially around the trust model - web of trust is great in theory and for geeks but doesn't work well in practice, and the terms used to explain it invited dangerous misinterpretations (to mark a key as trusted in the sense of "I verified that this fingerprint belongs to that person", you're expected to sign it, NOT mark it as "trusted" - the latter actually causes all keys signed by that key to be trusted, making it a "CA").
These may be addressed by now, but I think this is too little too late.
I dont think those are addressed now. I needed gpg for the first time recently. After fiddling with documentation and weird terms, approaches etc I decided it is not worth whatever it does. My time would be better spent if I learned how to knit or something.
1. a lack of good support via an API/libraries (the standard way to communicate with it seemed to be shelling out to the binary and trying to parse its output for a long time)
2. terrible UX, especially around the trust model - web of trust is great in theory and for geeks but doesn't work well in practice, and the terms used to explain it invited dangerous misinterpretations (to mark a key as trusted in the sense of "I verified that this fingerprint belongs to that person", you're expected to sign it, NOT mark it as "trusted" - the latter actually causes all keys signed by that key to be trusted, making it a "CA").
These may be addressed by now, but I think this is too little too late.