[Announce] GPGME 1.1.6 released
Alon Bar-Lev
alon.barlev at gmail.com
Thu Jan 10 17:49:00 CET 2008
On 1/10/08, Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> At Thu, 10 Jan 2008 15:40:15 +0200,
> "Alon Bar-Lev" <alon.barlev at gmail.com> wrote:
> >
> > On 1/10/08, Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> > > Can you describe your problem in more detail?
> >
> > It is not my problem... Well... kind of... as you guys keep breaking
> > backward compatibility, and I get all the bugs of depended packages.
>
> gpg and gpg2 are separate product lines, which are both fully
> supported for the foreseeable future.
Forcing users to install both versions on their system, maintaining
problem with each is incorrect approach. But whatever... we cannot
change this now.
> > For example, if you have webmail that holds gpg keys on behalf of its
> > users... Current implementations enables users to specify passphrase
> > using html dialog, and pipe the passphrase into the gpg application.
> > Agent mode is not suitable for this kind of operation.
>
> That's a very specialized application domain which requires a ton of
> further considerations, and a lot of effort to get it "right"
> (arguably, your assumptions already restrict the feasible security
> that can be achieved). Under such circumstances, I don't think it is
> unreasonable to require some extra effort in choosing an appropriate
> pinentry solution. The gpg2 framework allows for a number of
> solutions here, but which one is best requires careful considerations
> to the specific requirements.
This answer is political and not technical... There are working
applications *NOW* and you are going to break them.
But again... this is irrelevant now... from experience you guys will
do whatever you like, forwarding the issue to distribution
maintainers.
Alon.
More information about the Gnupg-devel
mailing list