Hi Maximilian-- On Wed 2019-07-10 10:12:37 +0200, Maximilian Krambach wrote: > I have been tasked to prepare "debian packages" for the gpgme-json browser > integration, to ease installation of native messaging between gnupg and > browser > extensions.
great, thanks for working on this! I assume you're aware of https://bugs.debian.org/911189 (in cc as well). That's the best place to talk about the debian packaging for this stuff. > I'm working on a patch for salsa.debian.org/debian/gpgme/, as I think this is > probably the best place for it. Sounds reasonable to me. > Basically, the two packages (chromium-gpgme and firefox-gpgme) just need to > ensure that the gpgme-json binary ships, and that a configuration file is > present at paths the browsers like. > > My question: > Is it okay and maintainable to add "approved" extension ids (in this case, > mailvelope) to these configuration files? > > In the end, it is an authorization between the extension(s) and the browser > (based on ids assigned by the browser publisher). > gpgme-json itself does not care who communicates with them (as long as it > stays > the same actor). Still, I have the feelings that some link between worlds is > created that may not be desired. This is an excellent question, and one that i did not figure out the answer to when i was briefly researching the situation. I wonder whether it makes more sense (and whether it's possible) to ship the gpgme-json binary and wrapper files in one package, without any "approved" extension IDs. And then in the extension-specific package (e.g. the "mailvelope" package), include the approved extension IDs. Does that even make sense? I don't remember the exact layouts expected. Thanks for stepping up to do this work! --dkg
signature.asc
Description: PGP signature
