As might be obvious by now, this is a homepage for some person known as Phil Pennock.

I've had websites; I've let people endure some truly awful pages. This site is bare and will probably remain fairly bare. It's probably still awful.

There are some small bits of software I've written which are available. I also contribute patches to various open-source projects. I've been involved with Exim and Zsh. The sieve-connect software is commonly available in OS packaging.

Elsewhere, there's miscellaneous software on GitHub (linked below). There's public software written in Go (Golang) through my company, Pennock Tech, LLC; There's lots of other scattered bits. Some folks use my GnuPG packages which install into /opt/gnupg, over on


I have an Internet footprint which is non-trivial. I send mail to various lists, etc. I have even succumbed to the onslaught of the social web. For various hysterical raisins I am commonly “syscomet” online — it's more unique than my normal name but not something I self-identify with: merely a convenient, mostly unique, handle.


I was a founding member of the Go Steel Programmers, a user-group for the Go programming language, in Pittsburgh, PA, USA. We later folded into the newer Code & Supply group for programmers in Pittsburgh (organizers of the Abstractions conference).

I am a mostly-emeritus maintainer of Exim and contributor to Zsh.

PGP / Contacting

My current primary PGP key for personal use is 0x4D1E900E14C1CC04; this key is in the strong set. I also have a key in Keybase; this key is rather more exposed, living on a laptop, and thus should not be especially trusted via the WoT. It exists to have a Keybase presence. Some other older keys, revoked in 2016, used to be listed here; no longer. In particular, key 0x403043153903637F was used for past releases of Exim and announcements about Exim, until its replacement by 0x4D1E900E14C1CC04.

PGP users, find paths to me by putting in your PGP key ID:

Retrieving my PGP key

Mechanisms to retrieve my PGP key include:


If you use XMPP/Jabber and have an Off-The-Record (OTR) protocol plugin, then my OTR key fingerprints may be of use. Currently:
phil.pennock  | : 3B6803C6 DD2E5DF3 3E4591BD 6714AA1C 742577A1  (laptop 1)
phil.pennock  | : 700CE34A DBE72E9C 337352CC 286A9C25 8A9AD952  (laptop 2)
phil.pennock  | : 05BE58FF 6779FDEA A8CF853E 413A9EC4 D898C3A0  (mobile, awkward)
You can also download a PGP-signed message listing my OTR fingerprints. Google's changes to XMPP support mean that the gmail contact address no longer reliably passes XMPP messages, so the FP has been removed from the signed statement. I prefer to use true XMPP.

Other OpenPGP Notes

I have a page about PGP keyserver implementations.


See for information about the CA which I run for myself; that site itself uses a certificate from a more widespread public CA, to ease access. No warranty is made about my CA, the master keys are not stored off-line, etc.