removing the secmem warning

David Shaw dshaw@jabberwocky.com
Mon Jan 7 20:02:01 2002


On Mon, Jan 07, 2002 at 01:29:54PM -0500, Frank Tobin wrote:
> I'd like to question the need for the secmem warning.  Do you actually
> think it is useful?  I am coming to the conclusion that it is only causing
> confusion among users.  As the GnuPG users crowd widens, we're only going
> to see more of the same issue of people asking "what is this error?".
> 
> It's not the asking that is the problem; it is a symptom of many users
> being confused, many that *aren't posting* and think there is a problem
> with their GnuPG.  FAQs don't help unless they are integrated with the
> software (GnuPG's FAQ isn't).  Manpages help a bit, but they are reference
> manuals, not help systems.
> 
> Hence, I suggest that by default, there be no secmem warning, and that there
> should be an alternate option "secmem warning" which turns it on.

One of the points of warnings is to warn someone about a situation
they did not know about.  In this case, the user would have to be
already aware of the issue to know they needed to enable the warning.
That defeats the purpose of a warning.

I think something like this would be better:

gpg: Warning: using insecure memory!
gpg: Please read http://www.gnupg.org/faq/insecure-memory.html

There is already a similar refer-to-this-web-page in the 1.0.7 test
version for users missing the IDEA plugin.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson