OpenPGP vs inline PGP

Robin Lynn Frank
Thu Jul 10 21:44:03 2003

Hash: RIPEMD160

On Thursday 10 July 2003 10:52, Neil Williams wrote:

> No matter what it may look like, evaluating the command within the right
> scope is essential to getting it working. Without that environment
> variable, it will simply not work no matter how careful you have been up =
> that point.
The scope I am using says sometimes the procedure works and sometimes it=20
doesn't.  That is obvious from both the kmail howto and the gpg docs=20
mentioning newpg/gpg-agent.    This leaves us with the 1980's approach of=20
hand-editing files we shouldn't have to go near.  We have 40 machines in 5=
distant locations.  Do you really think we are going to deploy in this=20

> The simplest test is, as I described, issue the command in a terminal
> window, then type kmail (don't start KMail from a menu or icon for this
> test, type it in and hit enter), then it'll work. That's proof enough that
> the rest of the compilation / installation is perfect, it's just getting
> the variable loaded properly. I've found somewhere near the middle of
> /usr/bin/startkde is perfect for most distros.
> > That is like
> > saying start you car by inserting the key in the ignition switch, but if
> > that doesn't work, push it down a hill and pop into gear when it is goi=
> > fast.
> But that is actually true. After all, if you buy an old banger you could =
> roll starting it regularly! Both of the methods described will work, it's
> down to the user to try one and use the other if that doesn't work.
And if the user lives where there are no hills???

> > If someone I employed ever did something in that haphazard a manner,
> > I'd fire him in an instant.
> Don't be so dogmatic. There are always shades of grey and some things just
> don't work well in black and white. I'm from a medical field and my work
> involves a complex mix of the black/white areas of organic chemistry /
> pharmacology and the mid-grey areas of psychology, motivation, counselling
> and education. You wouldn't fire a doctor for trying one method before
> trying a more risky second method, just in case the simpler method worked?
> e.g. if keyhole surgery doesn't work, fine go in on elective but there's =
> point denying the opportunity for keyhole - it just has to be tried. Suck
> it and see. The risks or complexity of the second method preclude it's use
> as first-line but it is still worth having as a backup plan.
> Would you rather treat every headache with a CAT scan and morphine just
> because paracetamol doesn't always work?
> Key start =3D plan A - suitable for many, if not most.
> Hill start =3D plan B - a catch-all for problem situations that don't res=
> first time. Involves more effort but ultimately achieves the same
> objective.
> With cars, you'd also need a plan C - call a mechanic!
> With medicines, it would be - refer to the next level, e.g. to hospital
> consultant or specialist etc.
> With software - refer to a LUG, then on to the developers etc.
> Distributions vary enormously and sometimes it just isn't possible to have
> a fixed method - there are rules and standards about how cars have to
> behave but I can write my own Linux distro and it doesn't have to obey any
> of the conventions of Mandrake or RedHat. The more it does follow, the
> easier it will be for others to use, but sometimes there are benefits to
> doing it differently. (Ask any debian lover).
> Variety is the spice of life.

We don't share the same view.  To me, it works or it doesn't.  Its secure o=
it isn't, etc.   I think I'll wait until this has been ironed out a bit mor=
before trying to deploy it.
=2D --=20
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
=A9 2003 Paradigm-Omega, LLC.  All rights reserved. Unauthorized
reproduction or dissemination is prohibited.  If the PGP signature is missi=
please forward it to Incoming mail with S/MIM=
or detatched PGP Signatures will be considered unsigned.
Version: GnuPG v1.2.2 (GNU/Linux)