On Fri 2015-01-23 13:01:12 -0500, Ricardo Mones wrote: > That's per-account GPG preferences. I was referring to the global GPG > plugin configuration :) see attached screenshot.
ah, ok, thanks. i don't think i knew about the difference -- i'm not a regular claws-mail user. > Mine is disabled because I don't have it running. Mine is disabled too, but i do have it available :) > If you have agent running and the check is still disabled this is > because GPG_AGENT_INFO environment variable was not set by the agent > (see claws-mail manpage). right, in my test account, i didn't have $GPG_AGENT_INFO set because i wasn't using a full X11 session startup, and because the newer gpg-agent > Has the gpg-agent experimental version you have changed that much? Yes, it has! as of gpg 2.1, the agent is launched automatically when needed, and it uses the standard socket location of $GNUPGHOME/S.gpg-agent (and in fact, the gpg process itself deliberately doesn't handle the secret key material or passphrases at all, which is great from a security perspective). For backward compatibility, we're probably still going to continue setting $GPG_AGENT_INFO anyway within the debian X11 session startup, but that's not a good long-term solution. Here's how i recommend that claws changes things (feel free to forward this upstream if you think it's better dealt with there). the basic idea is that claws-mail should do everything it can to avoid handling the user's passphrase: * check the version of gpg -- if it's 2.1 or later, *require* the use of the agent. * if it's before 2.1, and $GPG_AGENT_INFO is set, then enable the preference *and* make it default to checked. * if it's before 2.1 and $GPG_AGENT_INFO is not set, then enable the preference and make it default to unchecked. If the user checks it, and tries to use gpg, and GPG_AGENT_INFO is still unset, present the user with a suggestion to either upgrade gpg (and the agent) to 2.1, or to ensure that gpg-agent is launched as part of their desktop session. Thanks for talking this through here, --dkg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
