Gnupg is a default package for Ubuntu[1], so not always.

"Install something better"

That's a bit mysterious. Various Google searches don't suggest anything obvious.

[1] See http://releases.ubuntu.com/bionic/ubuntu-18.04.2-live-server... ctrl-f, search for gnupg

GnuPG could do with better defaults, but that is true for every system good enough to have aged. A more modern KDF would also be welcome but it won't impact end user security. Just to put things in perspective.

...if you use it correctly. It appears that many people can't do this.

Telling users that it's broken without pointing to a clear alternative is counter productive as they are likely to end up much worse.

A more modern KDF would be welcome, but it is also important to communicate the benefit to an end user: You get comparable security with a shorter password. There are other things to consider when choosing an encrypted file format.

It's pragmatic, informative, and highlights that bashing gpg for this specific use case, without naming something better...is arguably worse than saying nothing.

Why downvote it instead of just naming a better choice? What's the big secret?

I downvote lots of things. On Hacker News, we're explicitly encouraged to downvote disagreement, especially when verbalizing that disagreement will just clutter up the thread. Everyone gets downvoted. I've been downvoted all over this thread. You were just downvoted a minute ago.

The one thing we're not supposed to do is complain about downvoting. That's in the guidelines for the site.

Where does it say that? It says a better kdf would improve the security of shorter passwords. I don't see anything that suggests a poor kdf is a feature.

The kdf used for "gpg -c" also seems better than "openssh enc". And we've still not heard what the reasonable alternative is for symmetric/password file encryption is. So, I'm sticking with gpg for that use case.