On 05.06.2015 06:20, Daniel Kahn Gillmor wrote: > Control: retitle 760102 gnome-keyring: please build with --disable-gpg-agent > Control: block 760102 with 787786 > > On Thu 2015-06-04 22:30:21 -0400, Neal H. Walfield wrote: >> At Thu, 04 Jun 2015 22:14:25 -0400, Daniel Kahn Gillmor wrote: > >>>>>> - An update to Gnome-Keyring that disables it GPG Agent proxy. >>>>> >>>>> Maybe we need to offer them a patch. the goal here is just to disable >>>>> gnome-keyring's gpg-agent proxy implementation by default, right? >>>> >>>> That's correct. It should be sufficient to configure gnome keyring >>>> with --disable-gpg-agent (but I haven't tested this). >>> >>> that would make it so that users who wanted to use gnome-keyring as the >>> gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and >>> who otherwise ignore the concerns Werner has raised about >>> gnome-keyring's incomplete gpg-agent support) would be unable to do so. >>> >>> It's a more invasive change than just disabling the functionality as per >>> runtime defaults. >>> >>> Then again, that might keep us from dealing with a lot of extra bug >>> reports :) >> >> I spoke with Stef (the maintainer of GNOME Keyring, cc'ed) and he >> agrees that removing the proxy is the correct way forward. >> >> The only reason that the proxy exists is to cache passwords. >> pinentry-gnome3 does exactly that in a cleaner way. In other words: >> it makes the proxy completely redundant. >> >> A GSoC student is working on finishing the changes to GNOME Keyring >> and pinentry-gnome3 (e.g., extending GCR to deal with all of GnuPG's >> prompts). Nevertheless, the current pinentry version already more >> complete than the proxy. > > Great, this sounds like a good assessment. > > I'm forwarding this info to https://bugs.debian.org/760102, which is > already asking for some resolution of this situation. > > If gnome-keyring can Depend: pinentry-gnome3 (#787786), it should be > able to build with --disable-gpg-agent. > > Thanks for your work on this, all the coordination.
Great work, Neal. Confirming that I'll be ready to remove the code once the new pinentry makes it into a release. Removing code always makes me smile :) /me guesses there will be a few pieces to pick up. eg: figuring out how to enable the new pinentry by default when running in GNOME. But it's early in the GNOME 3.17 6 month release cycle and we can work that out after removal of the agent. Stef -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
