GPA - unsupported certificate

Dark Penguin darkpenguin at yandex.ru
Wed Dec 9 18:57:04 CET 2015


>> I'm not sure if this idea makes sense, but maybe it would be easy to
>> add a check on the version of said gpg-agent before attempting to use
>> it?..
>
> I know certain recent versions of GnuPG complain and warn about the
> hijacking, but that is during usage on the terminal.

Then this should definitely alert GPA to forward the warning to the 
user! It's already there, but GPA is ignoring this?.. (I don't have a 
"recent" version of GnuPG, so I can't be sure this is not already done.)


>> maybe it would make sense to disregard GPG_AGENT_INFO if it points to
>> GNOME Keyring one, or maybe even disregard it always, or maybe even
>> have GPA use another fixed path to always connect to "our"
>> gpg-agent?
>
> GnuPG 2.1 already always uses a fixed path and disregards the variable.
> And recent GnuPG 2.0 versions already warn about the hijack. The problem
> is that two software projects want opposite things; this would lead to
> an arms race. But fortunately, it will all go away when distributions
> start using recent versions of the software, as the issue has finally
> been resolved.

Ok, so now it's only a question of GPA and GnuPG 2.1 being backported to 
Jessie. That's good to know.


> Oh, by the way, the functionality that GNOME Keyring is providing is
> that it offers the option of unlocking your GnuPG keys when you log in.
> I've never understood why this is so darn important. Without GNOME
> Keyring, you would type two passphrases per login session: once to
> log in, and for the second time when you use your GnuPG key for the first
> time. The gpg-agent can then keep the key unlocked for the rest of the
> time if you want it to. With GNOME Keyring, it is reduced to one
> passphrase: your login passphrase. Some might say that's a 50% gain, I
> say it is the smallest possible gain: you gain one less
> passphrase-entering moment per session. Whooptie-friggin'-doo. I don't
> get it.

I just wanted to say that "the GNOME guys must have some reason to do 
that, though I seriously doubt their reasoning since GNOME3". Now I see 
I was actually right. %)


-- 
darkpenguin
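
The check discussed in this message, sketched as an added example (not code from GPA or GnuPG): a shell function that parses a GnuPG 2.0-style `GPG_AGENT_INFO` value (`socket:pid:protocol`) and flags sockets that look like GNOME Keyring's. The function name and the socket path patterns are assumptions made for illustration; this is a path heuristic, not the test GnuPG itself performs.

```shell
#!/bin/sh
# Classify a GnuPG 2.0-style GPG_AGENT_INFO value ("socket:pid:protocol").
# Prints one of: unset | malformed | gnome-keyring | other
# classify_agent_info is a hypothetical helper, not part of GPA or GnuPG.
classify_agent_info() (
    info=$1
    [ -n "$info" ] || { echo unset; exit 0; }
    case $info in
        *:*:*) ;;
        *) echo malformed; exit 0 ;;
    esac
    # Split from the right so a ':' inside the socket path is preserved.
    proto=${info##*:}
    rest=${info%:*}
    pid=${rest##*:}
    sock=${rest%:*}
    # pid and protocol must both be non-empty decimal numbers.
    [ -n "$pid" ] && [ -n "$proto" ] || { echo malformed; exit 0; }
    case $pid$proto in
        *[!0-9]*) echo malformed; exit 0 ;;
    esac
    case $sock in
        # ASSUMPTION: typical GNOME Keyring socket locations (heuristic only).
        */keyring/gpg | */keyring-*/gpg) echo gnome-keyring ;;
        /*) echo other ;;
        *) echo malformed ;;   # relative socket paths are not expected
    esac
)

# Constructed sample values, not taken from a real session.
for sample in \
    '/run/user/1000/keyring/gpg:0:1' \
    '/tmp/gpg-x7Yz/S.gpg-agent:2342:1' \
    'not-an-agent-info'
do
    printf '%-36s %s\n' "$sample" "$(classify_agent_info "$sample")"
done
```

A frontend could call `classify_agent_info "${GPG_AGENT_INFO-}"` at startup and show a warning to the user when the result is `gnome-keyring`.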


