gnome keyring & gpg agent
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 5 04:14:25 CEST 2015
On Thu 2015-06-04 22:09:28 -0400, Neal H. Walfield wrote:
> The main change in 2.0.28: dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
> (plus the minor fix in ef0741ac54c63b9b744de9dec86e82c530f9543a).
Thanks, that's good to keep track of.
>> > - An update to Gnome-Keyring that disables its GPG Agent proxy.
>>
>> Maybe we need to offer them a patch. The goal here is just to disable
>> gnome-keyring's gpg-agent proxy implementation by default, right?
>
> That's correct. It should be sufficient to configure gnome keyring
> with --disable-gpg-agent (but I haven't tested this).
That would make it so that users who wanted to use gnome-keyring as the
gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and
who otherwise ignore the concerns Werner has raised about
gnome-keyring's incomplete gpg-agent support) would be unable to do so.
It's a more invasive change than just disabling the functionality as per
runtime defaults.
Then again, that might keep us from dealing with a lot of extra bug
reports :)
>> > - Make Gnome Keyring depend on pinentry-gnome3.
>>
>> I've opened https://bugs.debian.org/787786 for this.
>
> In that report, you note:
>
> This is part of a larger project to reduce superfluous dependencies
> on headless servers that use GnuPG while improving the user
> experience for desktop users of GnuPG
>
> That's a worthy effort, but it might be worth mentioning that it is
> also about fixing the gnome keyring hijack problem.
The bug reports referenced in #787786 each point to the hijacking
problem as well, but I welcome any followup at 787786 at bugs.debian.org
that you think would be relevant there too.
Thanks,
--dkg