You know licq-gpg needs the GPG passphrase of the user to operate. Currently the passphrase is taken from the configuration file which is highly unsecure and has to be changed. Which one of these possilibities do you think is the best:
1) Let it in the configuration file, it's save there (just kidding)
2) Let gpg use a gpg-agent. This would be a fairly convenient way for me but not for the user who has to install NewPG, pinentry, a gpg-agent-daemon and whatever else. I don't think the average packaged-GnuPG user wants this. BTW, I haven't managed gpg-agent to work yet although I've tried hard ;) I don't know whether gpgme supports gpg-agents, too.
3) Make a callback mechanism for the plugins so that they should care about getting the passphrase. The console plugin could read the phrase from the console, qt-gui may pop up a dialogue box or something like that. Passphrase transfer by ICQOwner->SetGPGPassphrase.
4) The licq daemon shall ask for the passphrase. First it should try connecting to the X-server (using plain Xlib) and ask for a passphrase,
else use ncurses/plain gets().
Pros: no need for changing the plugins, could ask for passphrase when needed
Con: new compile option --without-x needed (for those who just use the console)
5) ... ?
-- Richard Hirner <[EMAIL PROTECTED]> http://richard.hirners.com/
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Licq-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/licq-devel
