Date: Mon, 18 Dec 2017 15:04:14 -0700
From: Leonid Isaev <leonid.isaev@...a.colorado.edu>
To: oss-security@...ts.openwall.com
Subject: Re: Recommendations GnuPG-2 replacement

On Mon, Dec 18, 2017 at 08:21:56PM +0000, halfdog wrote:
> The point in starting this thread was, that GnuPG does NOT conveniently
> cover usecases for headless or scripting operation. Thus it seems
> that the time has come to look for replacement, as GnuPG is moving
> more in the "desktop" direction, as also your comments indicate.

You are talking about policies here, not technical issues. Gnupg is perfectly
scriptable, see pacman-key(1) tool in Arch Linux. Moreover, gpg-agent is easily
usable on a headless machine. At least, I mostly use it this way when checking
email... You will lose nothing if you just pkill(1) gpg-agent though. So I
don't understand why you claim that gpg is moving towards desktop.

> That's really a strange argument. You fear PTRACING for key extraction
> of a short-lived, per-key instance of gpg1 process and solve that
> by putting all the key material into a single long-lived gpg-agent
> process, not even providing convenient commands to flush the keys
> from there?

pkill -hup gpg-agent. Please read the manpages.

Cheers,
-- 
Leonid Isaev