[Announce] GPGME 1.1.6 released

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Thu Jan 10 17:37:36 CET 2008


At Thu, 10 Jan 2008 15:40:15 +0200,
"Alon Bar-Lev" <alon.barlev at gmail.com> wrote:
> 
> On 1/10/08, Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> > Can you describe your problem in more detail?
> 
> It is not my problem... Well... kind of... as you guys keep breaking
> backward compatibility, and I get all the bugs of depended packages.

gpg and gpg2 are separate product lines, which are both fully
supported for the foreseeable future.
 
> For example, if you have webmail that holds gpg keys on behalf of its
> users... Current implementations enables users to specify passphrase
> using html dialog, and pipe the passphrase into the gpg application.
> Agent mode is not suitable for this kind of operation.

That's a very specialized application domain which requires a ton of
further considerations, and a lot of effort to get it "right"
(arguably, your assumptions already restrict the feasible security
that can be achieved).  Under such circumstances, I don't think it is
unreasonable to require some extra effort in choosing an appropriate
pinentry solution.  The gpg2 framework allows for a number of
solutions here, but which one is best requires careful considerations
to the specific requirements.

Thanks,
Marcus




More information about the Gnupg-devel mailing list