On Wed 2017-08-02 19:15:08 -0400, Jeremy Bicha wrote: > On Wed, Aug 2, 2017 at 7:08 PM, Daniel Kahn Gillmor > <d...@fifthhorseman.net> wrote: >> What do you think about this patch instead of your proposed patch? >> + opt.use_agent = 1; > > Sure, that sounds great. > >> The trouble, of course, is that now the gnupg1 package now effectively >> Depends: gpg-agent, which brings with it a bunch of other dependencies, >> which has historically caused a lot of grumbling. Is it worthwhile to >> pay that price? > > Since gnupg(2) already depends on gnupg-agent and we don't want to > give people a good reason to use gnupg1, I'm hoping it won't be a > problem.
ok, but gpg1 requires an explicitly set $GPG_AGENT_INFO variable. For users who are using X11, that should get handled by /etc/X11/Xsession.d/90gpg-agent (though that mechanism can apparently fail depending on some combination of display manager and session manager that i've been unable to pin down). And it doesn't wor for folks on the text-mode console. Should we warn the user about GPG_AGENT_INFO being unset? should we encourage them to set it explicitly with "gpgconf --list-dires agent-socket"? should we just try to execute "gpgconf --list-dirs agent-socket" anyway if GPG_AGENT_INFO is unset? or should we just tell people "hey, you're using gpg1, you get to set that variable yourself"? if we're telling users to "do it yourself", why don't we just tell them that about setting "use-agent" in their gpg.conf as well, without making any packaging changes? they're using deprecated systems, they have to do more work. making a halfway change that's going to force work that didn't used to be required (manually configuring GPG_AGENT_INFO) seems like not a great outcome. >> I don't want to spend a ton of time on gnupg1 > > Me either; that's why I filed this bug report so it will just autosync > to Ubuntu in the future. :) makes sense. sorry these details are difficult to sort out :/ thanks for talking it through with me. --dkg
signature.asc
Description: PGP signature