As might be obvious by now, this is a homepage for some person known as Phil Pennock.

I've had websites; I've let people endure some truly awful pages. This site is bare and will probably remain fairly bare. It's probably still awful.

There are some small bits of software I've written which are available. I also contribute patches to various open-source projects. I've been involved with Exim and Zsh. The sieve-connect software is commonly available in OS packaging.

Elsewhere, there's miscellaneous software on GitHub (linked below). There's public software written in Go (Golang) through my company, Pennock Tech, LLC; There's lots of other scattered bits. Some folks use my GnuPG packages which install into /opt/gnupg, over on


I have an Internet footprint which is non-trivial. I send mail to various lists, etc. I have even succumbed to the onslaught of the social web.


I was a founding member of the Go Steel Programmers, a user-group for the Go programming language, in Pittsburgh, PA, USA. We later folded into the newer Code & Supply group for programmers in Pittsburgh (organizers of the Abstractions conference).

I am a mostly-emeritus maintainer of Exim and contributor to Zsh.

PGP / Contacting

My current primary PGP key for personal use is 0x4D1E900E14C1CC04; this key is in the strong set. I also have a key in Keybase; this key is rather more exposed, living on a laptop, and thus should not be especially trusted via the WoT. It exists to have a Keybase presence. Some other older keys, revoked in 2016, used to be listed here; no longer. In particular, key 0x403043153903637F was used for past releases of Exim and announcements about Exim, until its replacement by 0x4D1E900E14C1CC04.

PGP users, find paths to me by putting in your PGP key ID:

Retrieving my PGP key

Mechanisms to retrieve my PGP key include:


I sometimes use XMPP/Jabber. Historically I used the Off-The-Record (OTR) system for privacy and had a PGP-signed statement listing my fingerprints here. I do not currently use OTR.

Other OpenPGP Notes

I have a page about PGP keyserver implementations.


See for information about the CA which I run for myself; that site itself uses a certificate from a more widespread public CA, to ease access. No warranty is made about my CA, the master keys are not stored off-line, etc.