On Mon, May 2, 2011 at 20:49, Kevin Kammer <
lists.gn...@mephisto.fastmail.net> wrote:
> So, what I am thinking of is semantically a little like a pre-processor
> directive...
>
> #if (keyID == 123456)
> /* Use these options */
> #elif (keyID == 789abc)
> /* Use some different options */
> #else
> /* Fall back to a default set of options */
> #endif
>
> Obviously it wouldn't look like that in the gpg.conf file, but the model of
> conditional compilation gets the point accross (I hope).
>
> Does anyone agree with me that this would be a good idea, or am I just
> crazy? Better yet, does anyone already implement some kind of conditional
> options parsing, using a technique which hasn't occured to me?
Sounds interesting. I would consider a kind of "lookup sequence" so you end
up with this:
.gnupg/
> gnupg.conf
> gnupg-key-01234567.conf
> gnupg-key-0123456789abcdef.conf
etc.
That way, you can look at a single file to understand what will happen under
given circumstances, instead of having to parse through conditionals. I
don't think complicating the options format is a good idea. You end up with
stuff like this:
:(){ :|: & };:
Of course, you should *not* run this code. It will crash your system. I am
just demonstrating that when you allow obfuscated meaning in data or code,
Mallory will trick you into configuring your gnupg to send out all your
private keys to her.
--
Jerome Baum
Telefon: +49-1578-8434336
E-Mail: jer...@jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
