gnome keyring & gpg agent

Neal H. Walfield neal at walfield.org
Thu May 14 20:34:40 CEST 2015


Hi Daniel,

At Thu, 14 May 2015 09:36:17 -0400,
Daniel Kahn Gillmor wrote:
> But having a clearer/cleaner relationship between the released tarballs
> and the upstream repo makes it easier for debian developers to
> contribute back to upstream, and to pull narrowly-targeted changesets
> from the upstream revision control if they're needed to fix identified
> bugs before a new release comes out.

The pieces are now basically in place to fix the GPG Agent / Gnome
Keyring issue.  There are three minor issues:

  - There are a couple of small deficiencies in the gnome3 pinentry
    (e.g., no one button confirmation messages, but this is easily
    worked around).  These deficiencies have more to do with
    limitations in Gcr than with the Pinentry implementation.

  - Gnome Keyring's maintainer hasn't yet ripped out the GPG Agent
    support, but fully agrees with the changes so far.  (Of course,
    the GPG Agent proxy can be trivially disabled since it is a
    separate component.)

  - To fully replace Gnome Keyring's GPG Agent Proxy, a couple of
    minor changes had to be made to GPG.  These are so far only in
    2.1, but I will backport them to 2.0 soon.

Is it possible to fix this issue in Debian Stable (e.g., in the next
point release)?

So far, I've identified these requirements:

  - Adding a new pinentry-gnome3 package with the yet-to-be-released
    pinentry with Gnome3 support.

  - An update to GPG with the relatively small change.

  - An update to Gnome-Keyring that disables it GPG Agent proxy.

  - Make Gnome Keyring depend on pinentry-gnome3.

Thoughts?

Neal



More information about the Gnupg-devel mailing list