Re: gnome-keyring Should I mark/announce GNOME as incompatible with gpg2 for now?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 28.08.2014 17:39, Ximin Luo wrote:
On 28/08/14 11:46, Stef Walter wrote:
Hey guys,

I noticed this commit:

https://gitorious.org/gnupg/mainline/commit/b896fccaada0caf1987eb95ac99dd6b4ca609c4b




It seems that you don't want gpg2 used with GNOME 3.x as is (in its
default configuration).

Should I go ahead and announce that gpg2 (version 2.0.23+) is 
incompatible with GNOME and people should USE gnupg 1.4.x with 
GNOME 3.x for now?

I know Werner and I discussed solutions to this issue a more than
a year ago, but obviously neither of us has had enough time to
make the changes happen.

To summarize, either:

a. gnupg needs to integrate with GNOME 3 (prompt via
gnome-shell, and give the option to save passwords in the
keyring) and gnome-keyring can then drop its gpg-agent
implementation, as its features would now be found elsewhere.


From the view of an outsider: gnupg is a lower-level program, GNOME
3 is a higher-level desktop environment. It sounds ridiculous to 
suggest that lower-level utilities should have to do anything
special for desktop environments to work with it.

Nah, this happens all the time. Low level stuff, like the kernel,
libraries, and gnupg are there to enable higher level features.
Developers and system administrators often access these low level APIs
and tools ourselves, but that is an exception, at the end of the day
they are combined into higher level features for the user to actually use.

It's never a surprise that the high level features have a bearing on
the capabilities and APIs of the underlying tools.

Is there some more reasonable, generalised, non-GNOME-specific 
interface (that GNOME 3 happens to implement) that you can suggest 
gnupg to adhere to instead?

Well, as Werner suggested, gnupg has such a semi-standard "pinentry"
interface.

Someone needs to write a gnome-shell prompter using it (one could use
this Gcr API if desired [1]). In addition that pinentry prompter needs
to be able to optionally save the private key password in
gnome-keyring (libsecret API [2]) so that the user can optionally have
the private keys automatically unlocked whenever they are logged into
their GNOME session.

These are the two features that the gnome-keyring GPG agent enables,
and the two features that replacement would need to provide.

Cheers,

Stef
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQAJ40ACgkQe/sRCNknZa+nIwCeIWturjhF8+bXUmZXqa7dUDSW
4X4AoMfLfeDNEMcTVqMkzRRgse0iU8dn
=X3s7
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]