support for non-openpgp cards

Peter Gutmann pgut001 at
Sat Nov 20 07:40:10 CET 2004

Simon Josefsson <jas at> writes:

>Then we could try to fix those buggy implementations, and improve the

That'll never happen.  Many vendors won't even *respond* to bug reports, let
alone try and fix them.  If you're a major customer and you have a showstopper
bug you can probably get it fixed if sales are hinging on it, but that's about

(OK, all vendors aren't that bad, particularly if you can figure out how to
 get past their wetware firewalls to the techies, but in general it doesn't
 look good).

>Meanwhile, a realistic way forward might be to write clean code that rely on
>unambiguous APIs, and move the bug workaround ugliness into some library that
>talks with the drivers.

Urgh, then you end up with a huge pile of mapping layers, one for each driver
version (not just driver vendor, but individual driver version).  The way to
do this is to write lowest-common-demoninator code that works for most
drivers.  As I mentioned in a previous message, I've already done this for
almost everything that's out there.

>Then ideally, over time, as implementations are improved, 

This assumes that implementations will improve over time.


More information about the Gnupg-devel mailing list