On Wed 2017-02-15 13:33:57 -0500, Werner Koch wrote: > On Wed, 15 Feb 2017 16:23, d...@fifthhorseman.net said: > >> should we adjust the build of 1.4 in debian to patch out the direct >> access of smartcards? if we use --disable-card-support during >> ./configure will that disable use of the agent for smartcards as well, >> or will it just remove the direct access? > > --disable-card-support removes all support for smartcards. I would not > mind if you use that option.
However, this will cause problems for people dealing with a smartcard with a PGPv3 key on it. We're maintaining gpg1 in debian specifically for people who have legacy setup like this, so they can access archived messages. Ripping away smartcard support from them seems like the wrong move. Unless maybe it's impossible for there to be any PGPv3 secret keys on smartcards? > --disable-agent-support without --disable-card-support will only use the > direct smartcard access code. Thus is is the opposite of what you want. hm, bummer. a configure option to keep the agent access but not the direct smartcard access would be nice to have. --dkg
signature.asc
Description: PGP signature