On Fri 2016-10-14 15:11:39 -0400, Werner Koch wrote: > On Fri, 14 Oct 2016 18:58, d...@fifthhorseman.net said: >> instructions that say "if you're dealing with gpg secret key material in >> a test suite, here's what we recommend you do". > > Which could be as simple as: Do what GnuPG does in its test suite.
I don't think it's fair for us to expect people writing projects which rely on GnuPG (possibly with languages and entirely different toolchains) to read the full GnuPG test suite and understand its architectural details and design. The GnuPG test suite is also *building* gpg-agent and gpg (likely on systems that already have gpg and gpg-agent installed), so it's not obvious that the testing behavior would be the same. A one- or two-paragraph document that explains the recommendation for external projects, in English, coming from the official GnuPG project would be much more helpful in setting reasonable expectations. --dkg
Description: PGP signature