Should I mark/announce GNOME as incompatible with gpg2 for now?
Andre Heinecke
aheinecke at intevation.de
Thu Aug 28 16:38:51 CEST 2014
Hi,
On Thursday, August 28, 2014 - KW 35 03:30:23 PM Werner Koch wrote:
> On Thu, 28 Aug 2014 12:46, stef at thewalter.net said:
> > It seems that you don't want gpg2 used with GNOME 3.x as is (in its
> > default configuration).
>
> No, I want you to change the default configuration - I told you that
> over lunch during last year's FOSDEM. This mess is going on for many
> years now and a lot of people are annoyed. Fortunately most users of
> GnuPG's S/MIME feature are using KDE and not GNOME and thus are not
> affected by that hijacking. With 2.1 OpenPGP users will also be
> affected and thus I escalated this issue using the new warning.
Still, even if you run a mostly KDE desktop your distribution might ship the
gnome-keyring pseudo gpg-agent and it might be started before the real
gnome-keyring.
Kleopatra currently fails in the self test if gnome-keyring is hijacking the
socket with an "error while asking gpg-agent for its version". There are
already some bugs about this from users that do not know what is wrong.
But at least it complains. With older versions of kdepim / kleopatra you just
get nasty unexpected errors when you try to use features which are not handled
by your "pseudo" gpg-agent.
So I'm interested in this discussion as I should probably add a similar
warning in the Kleopatra self test in case gnome-keyring has hijacked the
socket as this hijacking breaks Kleopatra.
>
> > Should I go ahead and announce that gpg2 (version 2.0.23+) is
> > incompatible with GNOME and people should USE gnupg 1.4.x with GNOME 3.x
>
> The warning message says it all: GKR is hijacking the IPC between
> components of GnuPG - you don't have to mess with that! Shall I start
> to encrypt and authenticate the IPC just to make it harder for GKR to
> mess with it - that would be a silly game.
I agree with Werner here. I feel like you want to trick users into using
gnome-keyring when they expect to communicate with gpg-agent (With users I
also mean other pieces of software.)
From a Kleopatra standpoint I would like to see gnome-keyring packaged with a
"breaks gnupg2" or at least the gpg-agent hijacking part should be packaged in
a separate package which can conflict/break with users of gnupg2 features.
It is not gnupg2 that is incompatible with gnome-keyring, it is gnome-keyring
that deliberately breaks a large part of the feature set of gnupg2.
I mean what would you say if KWallet would set a GNOME_KEYRING_CONTROL
environment variable to point to itself? Would you then go ahead and say gnome
software is not compatible with a KDE Desktop or would you complain that
KWallet breaks gnome-keyring users and should stop setting the variable?
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner