OpenPGP vs inline PGP

Neil Williams linux@codehelp.co.uk
Fri Jul 11 00:20:02 2003


On Thursday 10 Jul 2003 8:44 pm, Robin Lynn Frank wrote:
> On Thursday 10 July 2003 10:52, Neil Williams wrote:
>
> The scope I am using says sometimes the procedure works and sometimes it
> doesn't.  That is obvious from both the kmail howto and the gpg docs
> mentioning newpg/gpg-agent.    This leaves us with the 1980's approach of
> hand-editing files we shouldn't have to go near.

I don't see how that is important - anyone installing a local web server or
virtual hosts, or setting up local DNS, a whole manner of simple sysadmin
configuration tasks - all are best done in Vi/Emacs, especially for a remote
machine - all you have is an SSH login. It's a simple change to a simple
script that root should be well capable of performing. If the distro doesn't
create an .xsession file, bung the command into /usr/bin/startkde
Easy. It's not rocket science. It can even go in the same line of the file on
each machine. I suppose it's even possible to write a bash script to do it
automatically if you REALLY want to. Wow, that's hard -
$ scp gpg.sh user@remote:gpg.sh
$ ssh user@remote
su
# chown root.root ./gpg.sh
# chmod 700 ./gpg.sh
# ./gpg.sh
exit
exit

I've done more work upgrading a single PHP script.

1980's? Do you think all sysadmin stuff should be done in a GUI just because
it's 2003? GUI's are only a part of the answer, I believe a major problem
with Windows was the removal of command-line configuration tools and the
reliance on GUI settings. There are some configurations that simply cannot be
achieved through LinuxConf or Webmin or anything else GUI. Especially where
remote machines are concerned - all you have is SSH usually so vi or emacs is
the only way of working.

> We have 40 machines in 5
> distant locations.  Do you really think we are going to deploy in this
> manner?

Why not? It's not hard. It's not as if it doesn't have to be done in other
situations. It's all part of a sensible maintenance regimen. You'd have to
log into these machines from time to time anyway for routine admin tasks.

Over even a slow connection, it would take less than 5 minutes per machine.

> And if the user lives where there are no hills???

Get some burly rugby players. Be inventive, Be flexible, Be Tux.

Would you prefer that your Linux distro was as inflexible as Windows?* A lot
of the noted Linux security bonuses come from editing config files by hand
through a remote SSH login.

* inflexible in this context, I use to mean that Windows doesn't offer the
config tools, which can encourage some bad people to exploit Windows to make
it do what they always intended, leaving ordinary bods unable to make changes
to repel such exploits without whining to MS and waiting for a patch.

> > Variety is the spice of life.
>
> We don't share the same view.  To me, it works or it doesn't.  It's secure
> or it isn't, etc.   I think I'll wait until this has been ironed out a bit
> more before trying to deploy it.

You need a challenge. Go to it!

Don't you enjoy this admin lark anymore?

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

