Re: Re: Re: Balsa and pgp !?

Am 22.11.03 00:41 schrieb(en) Pawel Salek:
> I have just noticed that
> which is the official website for gpgme advertises only 0.3 and calls  
> 0.4.3 "unstable". libgpg-error is not mentioned at all. I am looking

This is indeed somewhat confusing. Actually the gpg people seem to regard  
the gpgme 0.3 series as a thing of the past. To quote from a mail from the  
gpg mailing list:

Am 19.11.03 10:33 schrieb(en) Werner Koch:
> To allow the use of GnupG 1.9 with Kmail's cryptplug, I have just
> released gpgme 0.3.16. Note that this is the GPGME with the old API
> which should not be used for any new applications and furthermore
> developers should consider to migrate to the new GPGME 0.4.x.

> forward to gpgme and libgpg packaged together in one package - possibly  
> allowing for static linking as long as this library has this status (I  
> guess I should just try to get this message through to gpgme  
> developers).

I'll forward that question to that list, with a cc: to you...

> IMVHO, "potential" saving few hudred kb is just not worth the hassle -  
> myself, I would split packages physically only if there were already  
> several programs using given library: Occham razor should be applied  
> here.  As far as I am concerned your patch could be commited but I am  
> not sure whether it will actually improve anything apart from chasing a  
> moving target.

That is of course correct! Creating rpm's for those packages is not  
difficult, though, as they both come with spec files which worked out of  
the box on my YellowDog Linux (more or less RedHat for PowerPC) system.

Moving to the new api to keep compatibility with other apps is actually  
not a very strong point. Packages which come to my mind are seahorse and  
gpa, both using (iirc) 0.4.0 which in not campatible with neither 0.3 nor  
0.4.1 and above. The development of both projects seems to have stalled.  
However, *if* there is some progress I would bet that they move to 0.4.3,  
as 0.4.0/1/2 have lots of bugs.

IMHO currently the strongest reason for moving are the threading problems  
with gpgme 0.3 on some systems (e.g. old SuSE) which should be resolved  
with 0.4.2 as it provides two different libs for threaded and non-threaded  

An other point is that the 0.3 series has a cosmetical bug which breaks  
the trust calculation after using the sign method. You can reproduce this  
(assuming you trust your key more then marginally) by looking at one of  
your signed messages in the sentbox after starting balsa, which should  
show a green padlock and (usually) "ultimate" trust. Now send anybody a  
signed message, and look again at the same message. Now gpgme reports an  
"unknown" trust, and the padlock will be yellow... This is a gpgme bug,  
resolved in 0.4.

Just my ¤ 0.01...

Cheers, Albrecht.

 Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
       Phone (+49) 228 6199571  -

PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]