Documentation blues
David Shaw
dshaw@jabberwocky.com
Wed Jun 25 02:16:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Jun 24, 2003 at 03:39:01PM -0700, Robin Lynn Frank wrote:
> On Tuesday 24 June 2003 01:51 pm, David Shaw wrote:
>
> > What is "order of need"? My order of need is bound to be different
> > than someone else's. Anyway, see the README file that comes with GnuPG
> > and/or http://www.gnupg.org/gph/en/manual.html. That seems to be what
> > you are looking for. They don't get into the more esoteric commands
> > though.
> >
> Actually, cipher-algo, digest-algo and cert-digest-algo don't appear
> in those documents (unless I've gone blind). Since they can be used
> in gpg.conf, that would be the logical place to look.

cipher-algo, digest-algo, and especially cert-digest-algo fall into
the "esoteric" command category. They are not something that should
be used except in very special circumstances, and those circumstances
are usually rare.

> And I am still looking to find out if I can make these preferences
> global, perchance in /etc/gpg.conf or something similar.

There is no global gpg.conf. You can build custom preferences
directly into the binary if you really want to, but this is
discouraged. A global gpg.conf can be dangerous - it means that
someone else could change your encryption details out from under you,
and thus cause something unexpected or unwanted to happen.

I'm not necessarily talking about a malicious attack (someone who
could change /etc/gpg.conf could probably change your gpg.conf file
anyway), but a change that is reasonable in a global gpg.conf may not
be reasonable in your local gpg.conf and cause a problem.

> > > Now in response to David Shaw's comment about my post about tedious
> > > documentation, If I knew enough about gpg to contribute to the
> > > documentation, I would not have needed to ask my question in the
> > > first place.
> >
> > I don't agree with this way of thinking. If you know enough to ask a
> > question, I think you are extremely close to understanding the answer.
> > The person who truly doesn't understand often doesn't even understand
> > how to ask the question.
> >
> > If you ask a question, and get an answer that you understand, why not
> > write a paragraph on that specific detail for the manual? If you had
> > to ask the question in the first place, clearly the manual didn't give
> > you the answer. Once the question is answered, though, you know the
> > answer and could write a few lines on the subject for the next person.
> >
> > I'm usually happy to answer questions, but utterly delighted to answer
> > them when the answer is going to be put into the documentation. Good
> > documentation helps everyone.
>
> Maybe what is needed is a good configuration tool. There are a bunch of
> frontends but I haven't seen one that will write gpg.conf (Maybe there is
> one, but I must have missed it.)

I think the OSX frontend does write gpg.conf (of course, you'd need to
be running OSX). I wonder if someone wants to make a GnuPG module for
the dotfile generator (http://www.blackie.dk/dotfile/).

That said, the standard works-for-almost-anyone configuration is a
*blank* gpg.conf. The default options built into the program are
carefully chosen to be the right values for the majority of uses. A
significant number of problems (both in use of GnuPG and in
interoperability with other users) come when people change these safe
defaults.

GnuPG gives the user a significant amount of configurability. That's
a good thing usually, but the other side of this is that GnuPG also
gives the user a significant ability to shoot themselves in the foot.

David

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE++OoR4mZch0nhy8kRAhbQAKC9G2/Kd1yhexj1oB02hBykGDdUSgCZAcHj
d8MY2Ptx6QyN0mwSS+nsUFo=
=ADf4
-----END PGP SIGNATURE-----
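
An added example, not part of the original message and not GnuPG code: a small Python check that lists any active cipher-algo, digest-algo or cert-digest-algo lines in a gpg.conf, the options the message says should be set only in rare circumstances. It assumes one option per line with `#` starting a comment line; the function names, the sample configuration and the keyserver hostname are constructed for illustration.

```python
"""Flag gpg.conf lines that override the algorithm defaults discussed above."""
import sys

# The three options named in the thread as "esoteric".
ALGO_OVERRIDES = {"cipher-algo", "digest-algo", "cert-digest-algo"}


def parse_options(text):
    """Yield (line_number, option, argument) for each active gpg.conf line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment line (assumed layout)
        parts = line.split(None, 1)
        argument = parts[1].strip() if len(parts) > 1 else ""
        yield number, parts[0], argument


def audit(text):
    """Return (active_option_count, list of flagged (line, option, argument))."""
    options = list(parse_options(text))
    flagged = [entry for entry in options if entry[1] in ALGO_OVERRIDES]
    return len(options), flagged


# Constructed sample input, not taken from any real user's configuration.
SAMPLE = """\
# keyserver settings
keyserver hkp://keys.example.org
#digest-algo SHA1
cipher-algo 3DES
  cert-digest-algo   SHA1
"""

if __name__ == "__main__":
    # Audit the file given on the command line, or the sample if none is given.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    total, flagged = audit(text)
    print(f"{total} active option(s), {len(flagged)} algorithm override(s)")
    for number, option, argument in flagged:
        print(f"  line {number}: {option} {argument}")
    sys.exit(1 if flagged else 0)
```

A blank or comment-only file reports zero active options, which matches the blank gpg.conf the message describes as the standard configuration.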