[pkg-gnupg-maint] Bug#870522: Bug#870522: gnupg1: Consider setting use-agent by default

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 4 21:34:56 UTC 2017


On Wed 2017-08-02 19:15:08 -0400, Jeremy Bicha wrote:
> On Wed, Aug 2, 2017 at 7:08 PM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
>> What do you think about this patch instead of your proposed patch?
>> +    opt.use_agent = 1;
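Review bot: the added `opt.use_agent = 1;` turns the agent on unconditionally, and nothing visible here handles the case where GPG_AGENT_INFO is unset, which the reply below says gpg1 requires to be set explicitly. Suggest pairing the new default with a check or warning for the unset variable, or documenting that users must set it themselves.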
>
> Sure, that sounds great.
>
>> The trouble, of course, is that now the gnupg1 package effectively
>> Depends: gpg-agent, which brings with it a bunch of other dependencies,
>> which has historically caused a lot of grumbling.  Is it worthwhile to
>> pay that price?
>
> Since gnupg(2) already depends on gnupg-agent and we don't want to
> give people a good reason to use gnupg1, I'm hoping it won't be a
> problem.

ok, but gpg1 requires an explicitly set $GPG_AGENT_INFO variable.  For
users who are using X11, that should get handled by
/etc/X11/Xsession.d/90gpg-agent (though that mechanism can apparently
fail depending on some combination of display manager and session
manager that i've been unable to pin down).  And it doesn't work for
folks on the text-mode console.

Should we warn the user about GPG_AGENT_INFO being unset?  should we
encourage them to set it explicitly with "gpgconf --list-dirs
agent-socket"?  should we just try to execute "gpgconf --list-dirs
agent-socket" anyway if GPG_AGENT_INFO is unset?  or should we just tell
people "hey, you're using gpg1, you get to set that variable yourself"?

if we're telling users to "do it yourself", why don't we just tell them
that about setting "use-agent" in their gpg.conf as well, without making
any packaging changes?  they're using deprecated systems, they have to
do more work.  making a halfway change that's going to force work that
didn't used to be required (manually configuring GPG_AGENT_INFO) seems
like not a great outcome.

>> I don't want to spend a ton of time on gnupg1
>
> Me either; that's why I filed this bug report so it will just autosync
> to Ubuntu in the future. :)

makes sense.  sorry these details are difficult to sort out :/

thanks for talking it through with me.

       --dkg