OpenPGP vs inline PGP

Robin Lynn Frank rlfrank@paradigm-omega.com
Thu Jul 10 21:44:03 2003


=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Thursday 10 July 2003 10:52, Neil Williams wrote:

>
> No matter what it may look like, evaluating the command within the right
> scope is essential to getting it working. Without that environment
> variable, it will simply not work no matter how careful you have been up =
to
> that point.
>
The scope I am using says sometimes the procedure works and sometimes it=20
doesn't.  That is obvious from both the kmail howto and the gpg docs=20
mentioning newpg/gpg-agent.    This leaves us with the 1980's approach of=20
hand-editing files we shouldn't have to go near.  We have 40 machines in 5=
=20
distant locations.  Do you really think we are going to deploy in this=20
manner?

> The simplest test is, as I described, issue the command in a terminal
> window, then type kmail (don't start KMail from a menu or icon for this
> test, type it in and hit enter), then it'll work. That's proof enough that
> the rest of the compilation / installation is perfect, it's just getting
> the variable loaded properly. I've found somewhere near the middle of
> /usr/bin/startkde is perfect for most distros.
>
> > That is like
> > saying start you car by inserting the key in the ignition switch, but if
> > that doesn't work, push it down a hill and pop into gear when it is goi=
ng
> > fast.
>
> But that is actually true. After all, if you buy an old banger you could =
be
> roll starting it regularly! Both of the methods described will work, it's
> down to the user to try one and use the other if that doesn't work.
>
And if the user lives where there are no hills???

> > If someone I employed ever did something in that haphazard a manner,
> > I'd fire him in an instant.
>
> Don't be so dogmatic. There are always shades of grey and some things just
> don't work well in black and white. I'm from a medical field and my work
> involves a complex mix of the black/white areas of organic chemistry /
> pharmacology and the mid-grey areas of psychology, motivation, counselling
> and education. You wouldn't fire a doctor for trying one method before
> trying a more risky second method, just in case the simpler method worked?
> e.g. if keyhole surgery doesn't work, fine go in on elective but there's =
no
> point denying the opportunity for keyhole - it just has to be tried. Suck
> it and see. The risks or complexity of the second method preclude it's use
> as first-line but it is still worth having as a backup plan.
>
> Would you rather treat every headache with a CAT scan and morphine just
> because paracetamol doesn't always work?
>
> Key start =3D plan A - suitable for many, if not most.
> Hill start =3D plan B - a catch-all for problem situations that don't res=
olve
> first time. Involves more effort but ultimately achieves the same
> objective.
>
> With cars, you'd also need a plan C - call a mechanic!
> With medicines, it would be - refer to the next level, e.g. to hospital
> consultant or specialist etc.
> With software - refer to a LUG, then on to the developers etc.
>
> Distributions vary enormously and sometimes it just isn't possible to have
> a fixed method - there are rules and standards about how cars have to
> behave but I can write my own Linux distro and it doesn't have to obey any
> of the conventions of Mandrake or RedHat. The more it does follow, the
> easier it will be for others to use, but sometimes there are benefits to
> doing it differently. (Ask any debian lover).
>
> Variety is the spice of life.

We don't share the same view.  To me, it works or it doesn't.  Its secure o=
r=20
it isn't, etc.   I think I'll wait until this has been ironed out a bit mor=
e=20
before trying to deploy it.
=2D --=20
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
=A9 2003 Paradigm-Omega, LLC.  All rights reserved. Unauthorized
reproduction or dissemination is prohibited.  If the PGP signature is missi=
ng,=20
please forward it to  security@paradigm-omega.com. Incoming mail with S/MIM=
E=20
or detatched PGP Signatures will be considered unsigned.
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/DcIzmq9pLlRaCV8RA0lUAJ9HfzYY8PNBKkpzvHvunY2d3DR8AQCggnpG
1TYXBINeQSE1/zrEjiD+Exk=3D
=3DP1G2
=2D----END PGP SIGNATURE-----