[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: HOWTO on interfacing with gnupg/pgp?
From: Ingo =?iso-8859-1?q?Kl=F6cker?= <ingo.kloecker () epost ! de>
Date: 2001-06-26 19:36:43
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday, 26. June 2001 13:41, Marc Mutz wrote:
> I'm playing with the thought of using gpgme for KDE2.3's KMail. BUT:
I also already thought about this. This should simplify many things
with GnuPG. IHMO we should give it a try for KDE2.3.
> On Monday 18 June 2001 10:15, Werner Koch wrote:
> > || On Sun, 17 Jun 2001 23:56:26 +0200
> > || Marc Mutz <Marc.Mutz@uni-bielefeld.de> wrote:
> >
> > mm> Is it ready for production yet?
> >
> > Use it. It is probably better debugged than other tools invoking
> > gpg and well, I amthe manin author of both and so I take care that
> > both are working.
>
> Quoting the web page:
> ---
> GPGME is still work in progress, so don't expect that everything
> works and be careful when using production quality secret keys.
I guess this comment is already pretty old. So don't worry about it too
much.
> > mm> Does it support PGP?
> >
> > Of course not! The GNU project[1] does not support proprietary
> > software or advocates its use.
>
> Quoting the web page:
> ---
> GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
> easier for applications. It provides a High-Level Crypto API for
> encryption, decryption, signing, signature verification and key
> management. Currently it uses GnuPG as it's backend but the API isn't
> restricted to this engine; in fact it is planned to add other
> backends to it.
> ---
>
> Pay esp. attention to the last sentence.
>
> I must admit that I'm confused.
Yeah. I also thought this "other backends" was about PGP. But obviously
he is talking about other free alternatives to PGP. Unfortunately,
currently none come to my mind.
> What if we ship a KDE-2.3 which requires the then-current gpgme. Will
> that one (in three or four months from now) be ready for "production
> quality secret keys"?
Is our current implementation more ready for "production quality secret
keys"? I doubt it. ;-)
The only problem is that this will require another library to be
installed with KDE. Furthermore this library will only be used by
people who use GnuPG. I fear that unfortunately most of the KMail users
don't use any kind of encryption.
> What if we port our current pgp interfacing to be a backend to gpgme?
> Will this code be accepted for inclusion or do we have to maintain it
> as a patch and tell people: "Patch gpgme yourself if you want pgp
> support"?
I doubt that this will ever be included. See Werner's statement from
above: "The GNU project[1] does not support proprietary software or
advocates its use."
One solution for this problem would be to take the gpgme code, include
it into libkdenetwork and make a pgpme out of it. Of course we should
still take the original gpgme for GnuPG support. But frankly, I
currently don't see an advantage for the implementation of pgpme. Why
can't we stick to our PGP code in kpgpbase.*? Only because we change
the code to operate with GnuPG? If everything would be supported by the
gpgme library then this would be nice. But in the current situation
this doesn't make sense.
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7OORLGnR+RTDgudgRAiLCAJ0XiwtDJz5aCNOW8XG7QbJjToNaKwCg2sJ2
AHFtLWq+9gsi9wI53Uv5arc=
=7nKx
-----END PGP SIGNATURE-----
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic