[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9060 [TorBirdy]: gpg reads .gnupg/gpg.conf

Subject: Re: [tor-bugs] #9060 [TorBirdy]: gpg reads .gnupg/gpg.conf
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 22 Sep 2013 00:54:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 21 Sep 2013 20:54:23 -0400
In-reply-to: <046.ad4cd2544230b4674000c7e12fbe5398@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.ad4cd2544230b4674000c7e12fbe5398@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9060: gpg reads .gnupg/gpg.conf
--------------------------+----------------------
     Reporter:  proper    |      Owner:  sukhbir
         Type:  defect    |     Status:  accepted
     Priority:  normal    |  Milestone:
    Component:  TorBirdy  |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+----------------------

Comment (by sukhbir):

 Replying to [comment:4 proper]:
 > What about users who heavily customized their gpg.conf? What other
 settings in gpg.conf for identity 1 could be problematic if they are used
 for identity 2 in Thunderbird?

 The TorBirdy settings override gpg.conf. So if you have some setting in
 gpg.conf that is more secure/less secure that what we consider it to be,
 it still doesn't matter because our settings take preference and they are
 considered ''more'' secure.

 There seem to be no other settings that could be problematic because we
 are not switching between any of them.

 > Enigmail in an anonymous mail client reading ~/.gnupg/gpg.conf is
 something you wouldn't expect. Therefore it shouldn't happen.

 It's not exactly Enigmail here, but gpg and this is where the difference
 is because we do not care for the settings that we are not changing. So if
 you have a setting X in gpg.conf and so does TorBirdy, we override it with
 our setting. If you have some setting in gpg.conf that is less secure,
 again, our setting takes preference. So in the end, it doesn't matter to
 us what gpg.conf has. It did matter with `--throw-keyids`, but that has
 changed.

 Like I said, I agree with intention of the ticket. Had there been a GPG
 switch to do it, I would have probably thought of handling this. But for
 now, what we are doing should be OK as I have described.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9060#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8936 [TorBirdy]: Distributing Tor with TorBirdy
Next by Author: Re: [tor-bugs] #9796 [Vidalia]: new user cannot connect see log post below
Previous by thread: Re: [tor-bugs] #9060 [TorBirdy]: gpg reads .gnupg/gpg.conf
Next by thread: Re: [tor-bugs] #9060 [TorBirdy]: gpg reads .gnupg/gpg.conf
Index(es):
- Author
- Thread