[PATCH GnuPG] agent: Enable restricted, browser, and ssh socket by default.

Werner Koch wk at gnupg.org
Tue Sep 20 11:51:33 CEST 2016


On Tue, 20 Sep 2016 10:12, justus at g10code.com said:

> Please clarify.  Do you consider automatic changes of the configuration
> okay or not?

Yes.  On a desktop the main gnupg application may change gpg-agent so
that it works best for this use case.  That is what we have done all the
time, for example with keyservers.

> What if two tools need contradicting settings?

The configuration options in question are system policy decisions
(e.g. loopback password, passphrase constraints and so on).  Thus there
can be only one valid setting.  A tool requiring a contradicting setting
would violate the system policy.  Note that gpgconf has a way to inhibit
certain changes based on a system wide policy file
(/etc/gnupg/gpgconf.conf).

> 'restricted' on the other hand hints at why you might want to use this
> over the standard socket.  Maybe 'remote'...

I recall that my first idea for the option name was --remote-socket.  I
did not name it so because it is not a remote socket but a local socket
which is forwarded to the remote site using a separate tool (ssh).

"restricted" does not describe the feature, "additional" would be better
but that is too long; thus I still like "extra".


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.