Re: gnome-keyring Should I mark/announce GNOME as incompatible with gpg2 for now?



On 28.08.2014 16:38, Andre Heinecke wrote:
Hi,

On Thursday, August 28, 2014 - KW 35 03:30:23 PM Werner Koch wrote:
On Thu, 28 Aug 2014 12:46, stef thewalter net said:
It seems that you don't want gpg2 used with GNOME 3.x as is (in its
default configuration).

No, I want you to change the default configuration - I told you that
over lunch during last year's FOSDEM.  This mess is going on for many
years now and a lot of people are annoyed.  Fortunately most users of
GnuPG's S/MIME feature are using KDE and not GNOME and thus are not
affected by that hijacking.  With 2.1 OpenPGP users will also be
affected and thus I escalated this issue using the new warning.

Still even if you run a mostly KDE desktop your distribution might ship the 
gnome-keyring pseudo gpg-agent and it might be started before the real 
gnome-keyring.

Kleopatra currently fails in the self test if gnome-keyring is hijacking the 
socket with an "error while asking gpg-agent for its version". There are 
already some bugs about this from users that do not know what is wrong.
But at least it complains. With older versions of kdepim / kleopatra you just 
get nasty unexpected errors when you try to use features which are not handled 
by your "pseudo" gpg-agent.

So I'm interested in this discussion as I should probably add a similar 
warning in the Kleopatra self test in case gnome-keyring has hijacked the 
socket as this hijacking breaks Kleopatra.


Should I go ahead and announce that gpg2 (version 2.0.23+) is
incompatible with GNOME and people should USE gnupg 1.4.x with GNOME 3.x

The warning message says it all: GKR is hijacking the IPC between
components of GnuPG - you don't have to mess with that!  Shall I start
to encrypt and authenticate the IPC just to make it harder for GKR to
mess with it - that would be a silly game.

I agree with Werner here. I feel like you want to trick users into using 
gnome-keyring when they expect to communicate with gpg-agent (With users I 
also mean other pieces of software)

From a Kleopatra standpoint I would like to see gnome-keyring packaged with a 
"breaks gnupg2" or at least the gpg-agent hijacking part should be packaged in 
a separate package which can conflict/break with users of gnupg2 features.

It is not gnupg2 that is incompatible with gnome-keyring, it is gnome-keyring 
that deliberately breaks a large part of the feature set of gnupg2.

That's just semantics. As I've said, I'm not against changing this. And
else in this thread I've outlined several approaches that could be taken
to contribute such a fix.

I mean what would you say if KWallet would set a GNOME_KEYRING_CONTROL 
environment variable to point to itself? Would you then go ahead and say gnome 
software is not compatible with a KDE Desktop or would you complain that 
KWallet breaks gnome-keyring users and should stop setting the variable?

It would be awesome to finally have that done ... :) In fact we worked
on a standard API with the KWallet developers so this would be possible:

http://standards.freedesktop.org/secret-service/

Once again, communication, working together, even a simple email, and
contributing is *way* more effective than spamming everyone with warnings.

Cheers,

Stef

