gpgme: need *both* gnupg and gnupg2?
Werner Koch
wk at gnupg.org
Wed Mar 5 08:40:18 CET 2008
On Tue, 4 Mar 2008 23:39, rdieter at math.unl.edu said:
> Thanks. Ok, sounds like I may have been a bit naive using
> --enable-selinux-support without fully understanding what it does
> exactly. Would someone kindly elaborate what --enable-selinux-support
> does? (responding, "just don't use it dummy!" is an acceptable answer
> too. :) )
The idea is that only the gpg process may access files with sensitive
data (e.g. secring.gpg) this allows to set up proper ACLs for the gpg
process. Now we can't allow gpg to export this sensitive data because
any iser may issue the export command and thus get a copy of the
secring.gpg.
BTW --allow-secret-key-export is obsolete and a dummy option since 1.0.7
- you better remove it from.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list