pinentry suggestion
Hauke Laging
mailinglisten at hauke-laging.de
Thu May 19 02:25:42 CEST 2011
On Thursday, 19 May 2011, 01:57:34, Marcus Brinkmann wrote:
> The problem is that you can not declare it not to be a security feature by
> fiat. Users will perceive it as a security feature or not depending on the
> whole context and their expectations. If they do rely on a bit, we are in a
> bit of a mess here, quite frankly.
A good solution might be not to make this the default behaviour but to add an
option: --pinentry-show-proc
The pinentry message could be extended by a hint like
"(see --pinentry-show-proc for the demanding process)" if this option is not
given.
"--pinentry-show-proc yes" adds the info to the pinentry message,
"--pinentry-show-proc no" suppresses the hint. The documentation states
clearly the problem you described and also says that making
"--pinentry-show-proc yes" the default configuration would be regarded as a
security risk. That should prevent the distros from doing that.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814