[pkg-gnupg-maint] Bug#794667: gnupg-agent: facilitate running gpg-agent as a separate user account

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Aug 5 14:24:48 UTC 2015


Package: gnupg-agent
Version: 2.1.6-1
Severity: wishlist

gpg-agent doesn't defend against another process by the same user
inspecting its memory or doing other nasty things to the process.
While i'm encouraging upstream to add what protections are possible
[0], it would also be useful to have some tooling around creating a
secondary user account to run the agent in a designated,
non-privileged manner.

This might be a distro-specific project, since account creation,
removal, etc. are normally not handled by gpg itself, but by the
distro.

Perhaps we can use this bug to brainstorm such an approach for
gpg-agent at least.

          --dkg

[0] https://bugs.gnupg.org/gnupg/issue1211

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0                  2.2.1-1
ii  libc6                       2.19-19
ii  libgcrypt20                 1.6.3-2
ii  libgpg-error0               1.19-2
ii  libnpth0                    1.2-1
ii  libreadline6                6.3-8+b3
ii  pinentry-curses [pinentry]  0.9.5-2
ii  pinentry-gnome3 [pinentry]  0.9.5-2
ii  pinentry-gtk2 [pinentry]    0.9.5-2
ii  pinentry-qt4 [pinentry]     0.9.5-2
ii  pinentry-tty [pinentry]     0.9.5-2

Versions of packages gnupg-agent recommends:
ii  gnupg   1.4.19-3
ii  gnupg2  2.1.6-1
ii  gpgsm   2.1.6-1

gnupg-agent suggests no packages.

-- debconf-show failed


