Control: retitle 760102 gnome-keyring: please build with --disable-gpg-agent Control: block 760102 with 787786
On Thu 2015-06-04 22:30:21 -0400, Neal H. Walfield wrote: > At Thu, 04 Jun 2015 22:14:25 -0400, Daniel Kahn Gillmor wrote: >> >> > - An update to Gnome-Keyring that disables it GPG Agent proxy. >> >> >> >> Maybe we need to offer them a patch. the goal here is just to disable >> >> gnome-keyring's gpg-agent proxy implementation by default, right? >> > >> > That's correct. It should be sufficient to configure gnome keyring >> > with --disable-gpg-agent (but I haven't tested this). >> >> that would make it so that users who wanted to use gnome-keyring as the >> gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and >> who otherwise ignore the concerns Werner has raised about >> gnome-keyring's incomplete gpg-agent support) would be unable to do so. >> >> It's a more invasive change than just disabling the functionality as per >> runtime defaults. >> >> Then again, that might keep us from dealing with a lot of extra bug >> reports :) > > I spoke with Stef (the maintainer of GNOME Keyring, cc'ed) and he > agrees that removing the proxy is the correct way forward. > > The only reason that the proxy exists is to cache passwords. > pinentry-gnome3 does exactly that in a cleaner way. In other words: > it makes the proxy completely redundant. > > A GSoC student is working on finishing the changes to GNOME Keyring > and pinentry-gnome3 (e.g., extending GCR to deal with all of GnuPG's > prompts). Nevertheless, the current pinentry version already more > complete than the proxy. Great, this sounds like a good assessment. I'm forwarding this info to https://bugs.debian.org/760102, which is already asking for some resolution of this situation. If gnome-keyring can Depend: pinentry-gnome3 (#787786), it should be able to build with --disable-gpg-agent. Thanks for your work on this, all the coordination. Regards, --dkg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
