Thoughts on GnuPG and automation

Werner Koch wk at
Wed Mar 4 09:55:07 CET 2015

On Wed,  4 Mar 2015 01:45, rjh at said:

> ever hacked on GnuPG has found situations where GPGME isn't a good
> solution, sometimes for architectural reasons and sometimes for API
> reasons and sometimes for language binding reasons and sometimes for
> licensing reasons and... etc.

It can't be that bad:

  $ apt-cache rdepends libgpgme11 | wc -l

and the majority of problems I hear are by projects which do not use
GPGME.  So I wonder a bit about your statement.

Right, it is not easy to control the advanced features of OpenPGP with
GPGME. It can be done and there is quite some example code available.
Please also consider that GPGME is not an OpenPGP thing but a protocol
independent library for off-line encryption protocols (actually it is
also possible to do add online things with it).  GPGME works on all kind
of platforms, form WindowsCE over Android to any Unix system.  There are
two open bugs out of 69 filed bugs over the last 10 years.  Development
might have been a bit slower in the last 2 years after Marcus had to
leave us. 

If there are real problems and not just a "I do not like the
open-process-close" paradigm, this should be raised and discussed
(gnupg-devel).  In particular problems with language binding should be
solved and if possible I'd like to add the language binding to the gpgme
release to be sure that it is a one-stop-solution.

> No one has ever said GPGME is the all-purpose, all-in-one solution.  No
> one.  So why are we having this discussion?  What was the point in even

Right, key signing and such is not a primary goal of GPGME.  It is about
bread-and-butter encryption services.  we always said, that if there is
a real need for a new interface we will add that.  But before we do that
it is important to see whether such a use pattern actually works.

GPGME is under the LGPGv2.1+ - this is the most liberal copyleft license
I know.  On purpose this has not been changed to GPLv3 or LGPGv3 so that
it can even be used by evil DRM riddled proprietary software.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list