On Fri, 13 Dec 2013 21:24, d...@fifthhorseman.net said:

> this sounds like an argument for being willing to change the
> human-readable output on the shell -- there are not many people looking
> at it anyway, and most of those people are sophisticated users.

It is a Unix tool and people want to have it as a Unix tool.  The
separation between a machine readable and the human interface is not a
standard Unix tool property.  Thus admins don't know about it.

> I think for a piece of critical security infrastructure, GPG has been
> supporting some insecure practices for far too long.

Why do you think this is insecure?  Because gpg does not encrypt to a
key and users work around this by using --always-trust?

> If you're referring to a specific script, please point me to it and its
> authors; I'll badger them as well; that's not a fun job, and there is no
> reason you should do it solo.

I can't point you to such scripts.  Most software is not in public use
but used in-house.  Sometimes I receive bug reports or requests for help
and then I notice these problems.  Not much we can do about it.  In fact,
too many sites are using outdated versions because they fear things may
break.  Such breaks have been very rare with gpg and that is a good
thing.

> presumably relates to people who *do* use gpg from the command line
> (they're actually scripting it!), and should know better.   The way to

They implemented something and then it is never touched again.

> get people to learn about it is to go ahead and improve the UI.

I am willing to consider a change for 2.1 - that will anyway break
things (no more secring.gpg).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

