On Fri 2016-10-14 15:11:39 -0400, Werner Koch wrote:
> On Fri, 14 Oct 2016 18:58, d...@fifthhorseman.net said:
>> instructions that say "if you're dealing with gpg secret key material in
>> a test suite, here's what we recommend you do".
> Which could be as simple as: Do what GnuPG does in its test suite.

I don't think it's fair for us to expect people writing projects which
rely on GnuPG (possibly with languages and entirely different
toolchains) to read the full GnuPG test suite and understand its
architectural details and design.  The GnuPG test suite is also
*building* gpg-agent and gpg (likely on systems that already have gpg
and gpg-agent installed), so it's not obvious that the testing behavior
would be the same.

A one- or two-paragraph document that explains the recommendation for
external projects, in English, coming from the official GnuPG project
would be much more helpful in setting reasonable expectations.


Attachment: signature.asc
Description: PGP signature

Reply via email to