Bug#623539: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring

2015-04-17 Thread Werner Koch
On Tue, 14 Apr 2015 14:38, j...@debian.org said:

> Sorry, I was under the impression this was a discussion about actually
> improving the situation, not about Debian being used as a playground for
> petty complaints about other upstreams.

Sorry, this is serious brokenness which has been going on for years.  For
the record, let me conclude:

Jessie will be released with a default GNOME and an optional XFCE
desktop featuring these bugs affecting GnuPG:

  - S/MIME (gpgsm) does not work at all.

  - Smartcards for GPG won't work.

  - GnuPG's included ssh-agent can't be used.

  - The passphrase protection of GnuPG private keys has been reduced to
    a security level we had before 2010.

  - Brute forcing symmetric encryption is as easy as before 2010.
    (~300 times faster on an i5-2410M, 2.3 GHz)

This has been justified by a better looking passphrase entry dialog for
GPG keys in GNOME's keyring-manager.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Bug#623539: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring

2015-04-14 Thread Werner Koch
On Tue, 14 Apr 2015 13:53, w...@gnupg.org said:

> Do you want a patch to remove gpg-agent from GKR?

The patch is too simple.  Just add

  --disable-gpg-agent

to the ./configure invocation and you should be done.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.





Bug#623539: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring

2015-04-14 Thread NIIBE Yutaka
Hello,

On 04/14/2015 09:38 PM, Josselin Mouette wrote:
> Sorry, I was under the impression this was a discussion about actually
> improving the situation, not about Debian being used as a playground for
> petty complaints about other upstreams.
>
> If you want to disable this functionality on your system, you can edit
> or remove /etc/xdg/autostart/gnome-keyring-gpg.desktop, but we are not
> going to meddle in your affairs (or lack thereof) with GNOME developers
> by removing features from Debian packages.

I understand your position.  GnuPG maintainers and/or the Debian team
for GnuPG should keep communicating with GNOME developers about this issue.
We will.

On the other hand, shall we consider this from the viewpoint of Debian *users*?

I think that for Debian users, the gpg-agent feature of
gnome-keyring is questionable since its implementation is immature
and causes trouble.

The only possible benefit of this feature for users would be
coherence of the look and feel of the dialog box in a desktop environment.

The downside is a non-working OpenPGP card (which is more popular among
Debian users than among other distro users, I suppose), weaker S2K (which
is a pretty important thing for Debian users), being bad for gpgsm, and
incompatibility with GnuPG 2.1 private key handling.

It is unfortunate to force users into this dilemma between good
look and feel and good functionality/security.  This should eventually
be solved by upstreams.

I think that the default should be good functionality/security rather
than look and feel.

It still makes sense to offer a choice to users, but I think that it is
better for the default for Debian users to have

OnlyShowIn=

in /etc/xdg/autostart/gnome-keyring-gpg.desktop by removing
GNOME;Unity;MATE;.  I know the file originates from upstream
gnome-keyring, but I believe that it is a better default for any
desktop environment for Debian users.

How about this default change in gnome-keyring in Debian?
-- 


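Added example, not part of the thread or of gnome-keyring: a small check of how the Desktop Entry Specification keys Hidden, OnlyShowIn and NotShowIn decide whether an autostart entry runs in a session, showing why an empty `OnlyShowIn=` disables it for every desktop. The sample entry text and the function names are constructed for illustration.

```python
# Added illustration: decides whether an XDG autostart entry would start
# in a given desktop session, following the Desktop Entry Specification
# rules for Hidden, OnlyShowIn and NotShowIn.

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = (line == "[Desktop Entry]")
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def _names(value):
    """Split a semicolon-separated desktop list, dropping empty items."""
    return {n for n in value.split(";") if n}

def would_autostart(text, current_desktop):
    """current_desktop is the colon-separated $XDG_CURRENT_DESKTOP value."""
    entry = parse_desktop_entry(text)
    if entry.get("Hidden", "false").lower() == "true":
        return False
    session = {n for n in current_desktop.split(":") if n}
    if "OnlyShowIn" in entry:
        # Key present: start only in listed desktops; an empty list matches none.
        return bool(session & _names(entry["OnlyShowIn"]))
    if "NotShowIn" in entry:
        return not (session & _names(entry["NotShowIn"]))
    return True

# Constructed sample entries (not copied from the Debian package).
UPSTREAM_STYLE = """[Desktop Entry]
Type=Application
Name=GPG Password Agent
Exec=/usr/bin/gnome-keyring-daemon --start --components=gpg
OnlyShowIn=GNOME;Unity;MATE;
"""
PROPOSED = UPSTREAM_STYLE.replace("OnlyShowIn=GNOME;Unity;MATE;", "OnlyShowIn=")

if __name__ == "__main__":
    for desktop in ("GNOME", "ubuntu:GNOME", "KDE"):
        print(desktop, would_autostart(UPSTREAM_STYLE, desktop),
              would_autostart(PROPOSED, desktop))
```
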



Bug#623539: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring

2015-04-14 Thread Josselin Mouette
Werner Koch w...@gnupg.org wrote: 
> > Do you want a patch to remove gpg-agent from GKR?
>
> The patch is too simple.  Just add
>
>   --disable-gpg-agent
>
> to the ./configure invocation and you should be done.

Sorry, I was under the impression this was a discussion about actually
improving the situation, not about Debian being used as a playground for
petty complaints about other upstreams. 

If you want to disable this functionality on your system, you can edit
or remove /etc/xdg/autostart/gnome-keyring-gpg.desktop, but we are not
going to meddle in your affairs (or lack thereof) with GNOME developers
by removing features from Debian packages. 

-- 
Joss

