This is expected. The OAuth spec defines two client types -- confidential clients (e.g. web apps) "capable of maintaining the confidentiality of their credentials" and public clients (e.g. native apps) "incapable of maintaining the confidentiality of their credentials". https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
> A native application is a public client installed and executed on the device used by the resource owner ... It is assumed that any client authentication credentials included in the application can be extracted
Git Credential Manager does indeed release a self-contained binary for Linux x86_64 (no arm64 yet), though the installation size is necessarily large (80 MB) to include the .NET runtime. For comparison, git-credential-oauth Linux binaries (x86_64 and arm64) are much smaller at 5 MB. https://github.com/hickford/git-credential-oauth#comparison-...
PGP completely lacks perfect forward secrecy. Suppose an eavesdropper is recording your email, even though they can't understand it. If your private key is ever compromised (say by torture or subpoena), then all your previous messages can be immediately decrypted.
> You could say that Bob losing control of his private key was the problem. But with today’s easily-compromised personal computers, this is an all-too-likely occurrence. We would really prefer to be able to handle such failures gracefully, and not simply give away the farm.
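The forward-secrecy point in the comment above, as an added example that is not part of the original comment: recorded traffic encrypted to a long-term key opens once that key leaks, while traffic keyed by discarded per-session values does not. The group parameters `P` and `G`, the `seal`/`open_` helpers and the sample messages are constructed for illustration and are not a vetted cryptosystem; the signature that would authenticate the ephemeral exchange is omitted.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for illustration, not a vetted parameter set).
P = 2**255 - 19
G = 2
MESSAGES = [b"meet at noon", b"bring the documents"]  # constructed sample traffic

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _key(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def seal(shared: int, msg: bytes) -> bytes:
    """Toy authenticated encryption: SHAKE-256 keystream XOR, then an HMAC tag."""
    key = _key(shared)
    stream = hashlib.shake_256(key).digest(len(msg))
    body = bytes(a ^ b for a, b in zip(msg, stream))
    return hmac.new(key, body, hashlib.sha256).digest() + body

def open_(shared: int, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    key, tag, body = _key(shared), blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(key).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def record_long_term(bob_pub: int):
    """PGP-style: every message is encrypted to Bob's long-term public key."""
    tape = []
    for m in MESSAGES:
        e_priv, e_pub = keypair()  # sender's per-message public value travels in the clear
        tape.append((e_pub, seal(pow(bob_pub, e_priv, P), m)))
    return tape

def record_ephemeral():
    """Forward-secret style: both sides use throwaway keys that are never stored."""
    tape = []
    for m in MESSAGES:
        a_priv, a_pub = keypair()
        b_priv, b_pub = keypair()  # Bob's session key, discarded after this iteration
        tape.append((a_pub, b_pub, seal(pow(b_pub, a_priv, P), m)))
    return tape

def decrypt_after_compromise(tape, bob_long_term_priv: int):
    """What a recorded transcript yields once Bob's long-term private key leaks."""
    return [open_(pow(entry[0], bob_long_term_priv, P), entry[-1]) for entry in tape]
```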
I've played with one. Domokos gave a lecture at Trinity College, Cambridge. Most ways that you place it, it behaves unremarkably, but there's one way of placing it such that it rocks back and forth and has almost settled down to the almost-stable point when it falls over perpendicular and ends up at the single stable point. This is the way to demonstrate it.