Re: [sup-devel] [PATCH] Converted crypto to use the gpgme gem

From: Gaudenz Steinlin <gaudenz@soziologie.ch>
To: sup-devel <sup-devel@rubyforge.org>
Subject: Re: [sup-devel] [PATCH] Converted crypto to use the gpgme gem
Date: Thu, 11 Nov 2010 10:09:18 +0100	[thread overview]
Message-ID: <1289466286-sup-7540@meteor.durcheinandertal.local> (raw)
In-Reply-To: <AANLkTi=7yasVvAW4P85v3GJxf+quJrE3-1XruDgUZq+D@mail.gmail.com>

[-- Attachment #1.1: Type: text/plain, Size: 3021 bytes --]

Hi

Excerpts from Hamish D's message of Mon Nov 08 23:32:15 +0100 2010:
> OK, the second patch fixes the problem with the first patch.

I tried your patches and the problem with crash on missing keys seems
to be solved. However I have some more comments:

- With this patch the output of the gpg run is no longer available.
  Like this the plus sign in front of the message does not make sense.
  Is there a way to get at the gpg output with your approach?
- Signatures made by keys that are available in my keyring but aren't
  trusted are shown as valid. They should be specially marked!
  This is not a new problem. It also exists with the current code, but
  there you can access the gpg output which shows you that the
  signature is valid but not trusted.

Gaudenz

> 
> Hamish Downer
> 
> On 8 November 2010 11:21, Hamish D <dmishd@gmail.com> wrote:
> > Best hang fire on this patch. It appears to crash when verifying a signature
> > when the public key is not available. I'm investigating the problem and how
> > to fix it cleanly and I'll resubmit once I've done that.
> >
> > Hamish
> >
> > On Nov 6, 2010 8:08 PM, "Hamish D" <dmishd@gmail.com> wrote:
> >
> > I often find that loading long threads of encrypted messages (I have
> > several of over 10 messages and one of nearly 40) leads to lots of
> > flickering as the console replaces sup, sup comes back, the console
> > comes back again ... It is also very slow, and involves writing
> > decrypted messages to disk (if only temporarily) which could be a
> > security hole. So I've looked about and found the gpgme gem which
> > provides an API to use, and allows decryption entirely in memory.
> >
> > So I've rewritten lib/sup/crypto.rb to use gpgme. The functionality is
> > pretty much the same. Things I'm aware of that are different:
> >
> > * we can't set the signature algorithm, so we have to use whatever is
> > set in the user's preferences
> > * the gpg-args hook has been replaced by the gpg-options hook
> >
> > Other than that I think it is the same, although it took some work to
> > get the signature output to be the same. The other main difference is
> > that it's much faster and nicer now :)
> >
> > It could do with some testing - I don't have much in the way of
> > messages that cause gpg to complain, so if you do, please try opening
> > those messages with this code and see if the behaviour is reasonable -
> > no crashes, given messages about why your message was bad etc.
> >
> > Also I guess I should ask if people are happy to use this gem. Is it
> > hard to use on Macs? I guess I could rewrite this patch so it falls
> > back to the gpg binary if gpgme is not available ...
> >
> > To install this patch on Debian/Ubuntu you can either
> >
> > * apt-get install libgpgme-ruby
> > * apt-get install libgpgme11-dev; gem install gpgme
> >
> > Hamish Downer
> >
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 482 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel