Web lists-archives.com

Re: no{thing} build profiles




On Oct 23, Jonathan Dowland <jmtd@xxxxxxxxxx> wrote:

> Both of Depends and Recommends in this case have drawbacks. It's a
> matter of weighing them up and considering their likelyhoods on a case
> by case basis. In this case, the maintainer must weigh the experience of
> users who may install mutt without gnupg and get a compromised
> experience, and how likely they are to hit that, versus the likelyhood
> that a user would be significantly troubled by installing gnupg even if
> they don't intend to use it; and in the latter case, factor in that we
> do have a system for addressing that, equivs, as you point out.
It's not just gnupg. gnupg depends on (among many other things) 
gpg-agent, which depends on pinentry, which used to pull in X libraries 
unless I remembered to manually install pinentry-curses first.
It has always been a pain and it is not justified just to check the 
content of a maildir in a server.
PGP-signed mail is an highly advanced feature, so I do not think that it 
is unreasonable to expect from users who want to use it to also install 
gnupg.

> In the case of mutt&neomutt, both are configured to have PGP enabled by
> default. With the default configuration, as soon as you read a
> PGP-signed mail, you will hit the behaviour that requires gnupg
> installed to function properly. Due to this, I don't think this
No: it is also TOTALLY POINTLESS to even just automatically verify 
received emails because any result is meaningless unless the local user 
has manually configured local sources of trust. Which requires 
installing AND configuring gnupg, so again the user has to know about 
it.

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature