Christoph, we are using a mutt here with gpgme for a long time (several years) and it is stable. Can you be more specific about the problems that block adding gpgme support?
As for the priority, I guess a raise in priority could be considered for two
reasons:
a) AFAIR mutt does not see the password if gpgme is used, thus this
is security in depth by seperating components. E.g. if mutt has the
passphrase, it probably will be swapped out to disc, while gpg-agent
tried hard to avoid this (though does not always succeed).
b) gpgme uses gpgsm for s/mime which has good defaults for using CRLs
and really evaluating the trust chain. Again AFAIR openssl is more
difficult and harder to configure to do this.
(As an example what can happen if no mechanism like CRLs are used,
see the problem that CAs now face after the Debian Openssl desaster
it would be way better if CRLs would be checked.)
Best,
Bernhard
--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgp7uoaD0xwBl.pgp
Description: PGP signature
