New gpgme 0.3 release

Werner Koch wk at gnupg.org
Tue Nov 25 09:27:57 CET 2003


On Mon, 24 Nov 2003 21:58:29 +0000, Pawel Salek said:

> task is to be able return (CODE_SHARED_BETWEEN_APPLICATIONS, 
> APPLICATION_CODE) tuple, there are much more convienient ways to do  
> that than adding new libraries. The same holds for consistent  
> translations.

I am interested in learning about that.

> That's a very good idea but how does it conflict with the scheme I  
> described above? Spawning a process to securely process sensitive data  
> is an implementation issue of libgpg. I assume you want to avoid  

It is not about spawning but to separate task out to different
programs.  This is to reduce complexitiy of the single programs.

> of too many configuration problems. Security problems can be avoided by  
> controlling complexity and clean interface design. I can imagine that  
> the interfaces become cleaner but what about complexity?

So, you thing complexity is reduced by putting everything into one
large library or application?  That might be true for someone who
wants to build the software but not for a user.

> I am not sure we have the same understanding of a linking process. Even  
> if all these three libraries were in merged in a single file, only used  
> objects would be linked in the gpg-agent binary and obviously unused  
> modules would not affect it.

You don't know whether they are unused because we won't build static
libraries but shared ones and there all code is available and may be
used to exploit bugs.

> My opinion is that packaging is for the user. I am now not complaining  

Well, the instruction are pretty clear and the configure even telles
you where to get the libraries (even summarized at the end of the
configure run); the REAMDE file or the announcements tells you also
what libraries are required and in which order they are to be build.

Where is the problem?  Ever tried to build Evo or GnuCash ;-)

> software with as little hassle as possible. I would be much happier if  
> the spec files provided by Axel were merged in and distributed with the  

As Marcus said, we can do that but we can't test it.

  Werner

-- 
Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org




More information about the Gpa-dev mailing list