On 2007-03-17 08:16:15 +1100, Cameron Simpson wrote: > On 15Mar2007 20:25, David Champion <[EMAIL PROTECTED]> wrote: > | I can think of two compromises: > | * as Thomas Dickey suggested, detect gpg at compile time and insert > | the correct path into the installed muttrc files; > > I would vote for this one. Maybe insert /usr/bin (and other standard > places, by OS distribution) at the front of the $PATH _during_ the > detection phase to reduce user $PATH weirdness trouble. And supply a > configure --with-gpg= to specify a path to override the detector, if > there's one in configure.
The detector could be wrong. For instance, the user may want to install a new (more secure) version in /usr/local later (and have /usr/local/bin before /usr/bin in his $PATH). If Mutt still uses /usr/bin/gpg, this is bad. > | * enforce a sane PATH within mutt. This could, perhaps should be > | limited to stripping out relative paths. > > I'd oppose this. I hate apps that screw with my $PATH; they break > things. I agree that $PATH shouldn't be screwed, but there can be particular cases. Stripping out relative paths for gpg only would be a good idea IMHO (someone who relies on relative paths in his $PATH for gpg has introduced a security hole). -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
