pinentry's new window titles could be more (less?) informative

Daniel Kahn Gillmor dkg at
Thu Sep 28 13:06:02 CEST 2017

I've been playing with pinentry's master branch -- i really like the
idea of showing some information about the process that's invoking
gpg-agent in the title bar, to the extent that pinentry can infer it
from the system's introspection mechanisms.

however, the information shown usually isn't meaningful to the end user,
because it shows some complex gpg command line generated either by gpgme
or by the actual user-facing tool's understanding of how to invoke gpg.
Here's a recent example of a window title:

    [13132]@alice (/usr/bin/gpg --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 -a -t --encrypt --sign --trust-model always --encrypt-to 0x0EE5BE979282D80B9F7540F1CCD2E

(i recognize that this is truncated, but i haven't done the legwork to
figure out where it's being truncated -- maybe xwininfo doesn't believe
that a window title could be this long?)

At any rate, normal humans don't want to see all that :P

What the normal user in the above scenario would probably want to see is
something more like:

    thunderbird on alice (process 2504)

or maybe:

    thunderbird on alice

or maybe even just:


and only show the "on alice" host information if the invoking program is
not on the same host as the agent.

I grant that just using the title "thunderbird" will confuse people even
more about the pinentry window -- it's not actually a thunderbird
window!  The bug reports will be confused!  If we want to make it a
little bit clearer, then we could show something like:

    thunderbird invoking gpg


    gpg from thunderbird

As for where we get this information from, i'm imagining that the logic
would be:

 * if the invoking program is not from the GnuPG suite, just show the
   invoking program (we can deal with those things later, though i don't
   know how many non-GnuPG tools talk to gpg-agent directly -- i only
   know of agent-transfer, which i wrote).

 * otherwise, look at the parent process of the invoking program.

 * if the parent process is pid 1, show the details of the invoking

 * otherwise, show the details of the parent process.

What do folks think?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170928/aa882ded/attachment.sig>

More information about the Gnupg-devel mailing list