[tor-bugs] #9060 [TorBirdy]: gpg reads .gnupg/gpg.conf
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 22 00:54:12 UTC 2013
#9060: gpg reads .gnupg/gpg.conf
--------------------------+----------------------
Reporter: proper | Owner: sukhbir
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: TorBirdy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------+----------------------
Comment (by sukhbir):
Replying to [comment:4 proper]:
> What about users who heavily customized their gpg.conf? What other
> settings in gpg.conf for identity 1 could be problematic if they are used
> for identity 2 in Thunderbird?
The TorBirdy settings override gpg.conf. So if you have some setting in
gpg.conf that is more secure/less secure than what we consider it to be,
it still doesn't matter because our settings take preference and they are
considered ''more'' secure.
There seem to be no other settings that could be problematic because we
are not switching between any of them.
> Enigmail in an anonymous mail client reading ~/.gnupg/gpg.conf is
> something you wouldn't expect. Therefore it shouldn't happen.
It's not exactly Enigmail here, but gpg and this is where the difference
is because we do not care for the settings that we are not changing. So if
you have a setting X in gpg.conf and so does TorBirdy, we override it with
our setting. If you have some setting in gpg.conf that is less secure,
again, our setting takes preference. So in the end, it doesn't matter to
us what gpg.conf has. It did matter with `--throw-keyids`, but that has
changed.
Like I said, I agree with the intention of the ticket. Had there been a GPG
switch to do it, I would have probably thought of handling this. But for
now, what we are doing should be OK as I have described.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9060#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online