encrypt file in batch mode

Tony Lane codeguro at gmail.com
Tue Nov 5 00:10:21 CET 2019

On 11/4/19 11:12 AM, Werner Koch via Gnupg-users wrote:
> Separation of duties is an important part of the Unix philosophy.  Thus
> we use gpg-agent to handle the operations which require private keys and
> also for some minor things which benefit from being implemented in a
> daemon.

I must disagree here. GPG is modular, and it's monolithic. A piece of software is modular if it is decomposable into distinct functional units such that each unit addresses a specific concern. This, the gpg-agent seems to do very well.
A piece of software is monolithic if its components (if it has any at all) are tightly coupled--that is, components logically depend on one another to the point where using them in different contexts requires re-implementing the missing ones. The point is, despite the fact that gpg-agent (and tools) is comprised of multiple binaries, the hierarchical logical coupling between them means that it is more accurate to think of them as parts of the same program, as a unit that just happens to run in separate address spaces. They are not truly independent, composable programs.
I do not think that it was the intent to develop gpg-agent as an interface that could be replaced by some other agent but instead to be run, as you said, as a daemon that provides helper functions in the background. For this reason I think it was a mistake to decouple the gpg-agent from the gpg core in this way, and to say that this agent was made with the Unix philosophy in mind. Perhaps it would've been better to write the gpg-agent as a shared library to be called by the core instead. Well, we're probably too far down the rabbit hole to change that now.

Oh, wait, it's free software. We _can_ change it. And redistribute those changes.
God I love free software. So, any volunteers?

