-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/29/2013 07:27 PM, Doug Barton wrote: > On 05/29/2013 12:09 PM, Henry Hertz Hobbit wrote: | On 05/29/2013 > 06:12 AM, edgard devaux wrote: |> hello using Gnupg with linux > debian 7.0 and gnome; i created a |> key pair. my e-mail client > asks me a certificat for personal to |> sign , and an other > certificat for the key. How can i get this |> certificat for > keyring , i don't find where . excuse my english |> (i'm > franchman). thanks edgard | | Thunderbird: ============ > http://wiki.debian.org/EmailClients | | If you are using > Thunderbird, do NOT install enigmail with an | apt-get with a sudo! > Also do not set up one common folder but have | separate email > sections for each POP or IMAP email account. Another | way to add > enigmail to Thunderbird: | | > https://addons.mozilla.org/fr/thunderbird/addon/enigmail/ | | Add > it as yourself, not as root. The apt-get way of doing things | > here may not work. You end up installing it in the system | > thunderbird (/usr/lib/thunderbird) folder. You want enigmail | > installed in your ~/.thunderbird folder. | | Once enigmail is > installed, you can specify specifically what key | you want used > with each email account by clicking on the email | account and then > view settings then OpenPGP. > > That advice is contrary to the conventional wisdom, which is to > use the same method to install Enigmail that you use to install > Thunderbird (i.e., apt-get + apt-get, or manually + manually). Can > you please explain your reasoning here?
First, whose advice? I was advised to blacklist nouveau with a certain file on OpenSuSE 11.4 that didn't exist because Linux cannot upgrade the video drivers when you install a new video card so I had to do the upgrade manually as it always has been done. Hint: look for a file with the pattern "blacklist" in the /etc/modprobe.d/ folder and put the "blacklist nouveau" in that file to get it to accept the new Nvidia driver - similarly for Ubuntu which is Debian based for 10.04: http://securemecca.com/public/DemingLinux/OpenSuseNvidia.txt http://securemecca.com/public/DemingLinux/UbuntuNvidia.txt OpenSuSE also installed the clamav program without creating the requisite clamav group and clamav user (it really IS necessary). Ergo, much advice while being given with good intentions is wrong. Sometimes that wrong hurts and some times it doesn't hurt. In the case of adobe flash Player, just like downloading my video drivers files from either the chip creator or the video card creator it hurts. For Windows it doesn't hurt too bad unless you are a gamer. The drivers from Micorosoft are at least 3 months and most likely 6 months to a year older than what you get from the chip vendor. For adobe flash player you get a convoluted list of symlink files and no way to backroll to the previous flash player because of lib or other problems, with the Ubuntu update not supplying the update anyway. So I do it myself: http://www.adobe.com/ (click on flash player under downloads) http://securemecca.com/public/UbuntuFlashInstall-11.txt Now I can backroll if needed. Sysadmins for even small Linux shops will set up a symlink on each machine in the plugins to point to yet another symlink on a UFS mount. They then just remove and re-establish the symlink on the NFS mount to point to the new flash player. If they run into problems they just point the symlink on the UFS mount back to the old binary. That beats the convoluted mess I saw employed by Ubuntu where they even had links going through /etc for flash player. Ubuntu doesn't want to handle the flash player anyway since it is licensed by Adobe. In the case of enigmail, it is an add-on and like Firefox the enigmail is just an XPI install file. Just like the XPI installs got Adblock Plus (ABP), Cookie-Safe, and other Firefox add-ons which are installed into ~/.mozilla/firefox, by Firefox, the enigmail XPI install add-on gets installed into ~/.thunderbird by Thunderbird. That is the proper way to do it. That is how I did it with OpenSuSE 11.4 which is an RPM based Linux. This time around I just closed Thunderbird on OpenSuSE, removed all the files in ~/.thunderbird/${HASH}.default/Cache, then made a backup: $ cd ; umask 077 ; rm /home/backups/${USERNAME}/thunderbird.7z $ 7za a -p /home/backups/${USERNAME}/thunderbird.7z ./.thunderbird (this zips it with an AES-128 encryption - supply password) I installed Thunderbird on Ubuntu 10.04 (the end of the line) via Synaptic Package Manager. I then copied the thunderbird.7z file onto a flash drive and from it onto the Ubuntu machine which had an older version of Thunderbird. I then unzipped it into the ${HOME} folder. When Thunderbird started it automatically checks and in that case backrolled to the previous version of enigmail because of an older version of thunderbird. Two days later Ubuntu upgraded Thunderbird with me closing the Thunderbird program first via the File - Quit method. If you click on the X icon Thunderbird may continue to run during the upgrade! When I started Thunderbird again it updated enigmail to the newer version of enigmail. Where did the enigmail downgrade and upgrade come from? The Mozilla distributed mirror download servers. You are going to get the proper version of enigmail from them eventually so why not start there in the first place? That is what the RPM based distros do anyway. They consider it safe enough and so do I. Debian was royally hacked years ago and even linux.org (where the kernel is) was hacked a year or so ago. I haven't heard of the Mozilla mirrors being hacked but it is possible. Even then you are depending on randomly getting the bad enigmail XPI file from the hacked mirror server. You are much more likely to get the new one. Actually I regularly zip the ~/.thunderbird folder and transfer it to ,y other machine to keep both versions in sync. Thunderbird has never failed in older ---> newer. It may fail if you do a newer ---> older but only if the older version of Thunderbird doesn't know what to do with a newer files. I of course move ~/.thunderbird to ~/zzz.thunderbird before putting the new files from the other machine in place. This sneaker-net synchronization has never failed. You would probably turn pale at doing it. Me? I have redundant mail on two systems in case one machine fails (which has happened). That is infinitely more important than worrying how enigmail got installed into my ~/.thunderbird folder. If you want to use apt-get go ahead but don't blame me when you shift to an RPM based Linux distro and have to do it the Mozilla way anyway. Oh yes, I have been using Unix since the 1970s, and have been a Unix admin since the 1980s. I can do things like re-establishing /dev/null which may turn you pale when it gets lost by a Linux install. Why does Linux lose it when I have never had real Unix lose it? I don't know. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBCAAGBQJRpvGnAAoJEMhFIk/IOUbwTeQH/iQf/RBmmIrAe0PjRwdn6Egs qB8ckSBVLMrG0FhexErnIjwCf6T57SrpXLJ5Ja486sz9Va6ftJVMhGz321WCM28y 6xllg9aD464MdKMZvF4jaQZ55xwUzef3yqKn2++oifsmRhp91WqZ3pGI2ZPTm/LB z43BR1xa9X1GAnIxNiwsRzRyUwhHZ3IJbrPmjNi6o1fs3BeL7ro+J5pzUkRbtkw1 koJVgAo/CSlcxH+e52miYpAPg4A02s06p7zhjJQZVuld7jUc6YFZMyY192nZ2++x 5YZ48XC7vQAI/pQ2zacJe8DT+H+/BOBeUpDckIkIy4RHAwxzbkkkQzIZTaDMABA= =judH -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
