It’s not ideal but that’s life. I’m moving into a different direction and am cleaning up some loose ends. I want to make sure I do the best I can for the project and its users before leaving. Read the issue fully… it’ll explain in detail. I think it’s also an interesting and somewhat ironic format.
Looks like this means Picocrypt will no longer qualify to be listed on PG since Picocrypt for macOS will probably break soon and it won’t be cross platform anymore. The PG community can decide how to handle that, whether to keep, delist, redirect to a fork in the future, or something else.
I just want to make it clear that the software is still fully functional and no different, it’s just frozen. Unless the core cryptographic design is problematic, which is unlikely, you can continue using it for as long as you can get it running or running from source.
Open to questions and will stick around for 5 days, then I’ll hop off. Sorry for any inconvenience this may cause. It is my hope that the community will pick it back up again, but I offer no pointers nor have any ideas. The only case I would consider linking to a successor is if PG itself forks Picocrypt into their GH organization because PG is as close to trustable as I would consider (no offense). But of course, not expecting anyone to do anything.
Thank you so much for sharing this statement with us. While it may not be the best circumstances, everything you mentioned about “vibe coding” demonstrates how it can suck the life out of what it means to create personal projects like yours. I really appreciate your honesty and wish the best for your future endeavors!
For starters, I have no idea if anyone in the PG community is willing maintain a fork of Picocrypt for the long run. It shouldn’t be too difficult though since maintaining Pictocrypt is much easier than creating it from scratch.
VeraCrypt is open source, arguably the safest option if using Picocrypt is out of the question for you completely. Can’t go wrong with either Cryptomator or VeraCrypt. You can still use Cryptomator locally, it’s just designed in a way to function well with cloud storage.
You can encrypt any file anywhere. Doesn’t need to be cloud. But it is more famous for using it to encrypt files in big tech cloud. But it is not a necessity.
I’ve been studying cryptography lately, and have had some interest in helping out the FOSS world. Maintaining a “complete” project might be a good way to get involved. Seems like the main ongoing support will be for MacOS, which I sadly don’t have at the moment. Don’t want to make any promises, but it sounds interesting to me.
Another option is to just use GNU Privacy Guard (gpg). It can be used from the command line or the gpg4win package comes with a couple of different graphical tools. With it you can encrypt/decrypt/sign files or messages with private keys.
Cryptomator would be easier for some workflows though.
Apologies if I’m wrong (not a dev) but I’m glancing at the project on GitHub and it seems the license is unclear. Since the torch may be passed onto someone else, I figure it’d be important to clarify if it is under the GPL-3.0-only or GPL-3.0-or-later license.
Thanks for the countless hours you put into developing PicoCrypt!
I’m not aware of a GPL-3.0-later license since GPLv3 is the newest afaik, but I’m happy to let Picocrypt go under GPL-3.0-or-later (you can quote this if ever in doubt). I didn’t really think much about the license when I started the project and just slapped on GPLv3 to prevent any liability and since it’s standard practice for FOSS. In retrospect, this appears to be the right choice since it requires downstream forks/modifications to also be open source for the public benefit.
@HACKERALERT
please see the section 14 in the license
and more importantly the “How to Apply These Terms to Your New Programs” which states it must be set in the header of each applicable file.
you can alternatively use the SPDX identifier: GPL-3.0-only or GPL-3.0-or-later
Thanks for the pointer, I’ll update Picocrypt.go to append “or later”.
If I add a # License section to the README and explicitly state all of the Picocrypt organization’s code is GPL-3.0-or-later, would that be good as well?
edit; just realized replied to the wrong person, oops.
