[kde-community] KGpg
Andre Heinecke
aheinecke at intevation.de
Mon Aug 31 10:13:42 BST 2015
Hi,
On Sunday, August 30, 2015 08:04:59 PM Rolf Eike Beer wrote:
> Jeremy Whiting wrote:
> > On Sun, Aug 30, 2015 at 8:48 AM, Jeremy Whiting <jpwhiting at kde.org> wrote:
> > > Hey all,
> > >
> > > I may have found another candidate for unmaintained. KGpg is a ui for
> > > gnupg. I've never used it, but have used kleopatra. Anyway, here's my
> > > reasoning. Please fix any false assumptions I may have made if you
> > > know kgpg or kleopatra better than I:
> > >
> > > 1. KGpg does gnupg. Kleopatra also does, but is maintained.
> > > 2. KGpg has not been ported to Qt5/kf5, Kleopatra has.
> > > 3. KGpg isn't part of kdepim nor is it maintained by the PIM team,
> > > Kleopatra is.
> > >
> > > Is there anything that KGpg does that Kleopatra doesn't/can't do? Or
> > > is there any reason to port KGpg to Qt5/kf5 and keep releasing it?
> >
> > Correction, KGpg is maintained, Rolf made commits as late as last
> > month. My mistake. I gave KGpg a try here and it does seem to work
> > well. Rolf, could you use a hand porting it to Qt5/KF5 ?
>
> I did not port for the reason that KGpg depends on kdepimlibs (KABC), which
> had no Qt5-based release yet (now it has), and I must confess I can occupy
> my time with other stuff and was too lazy to build it from git. In fact I
> was asked at least twice why there was no KF5-port and both were also too
> lazy to build kdepimlibs stuff themself. Now that there is a release it
> makes actually sense to port, so I hope I can manage it in time for 15.12.
> If someone is bored and wants to assist I will not reject any efforts.
What's the state of GnuPG 2.1 support in KGpg? I've tried to run KGpg (from
debian jessie) on my with 2.1 and it fails to start with an error that It
can't find the Gpg-agent. (Probably because there is no mandatory
GPG_AGENT_INFO anymore)
> Kleopatra can do X.509, which KGpg can't. I never found that really missing.
So you probably never much had encrypted communiction with instutional users.
;-) S/MIME is pretty widespread there. (At least in Germany)
> And KGpg looks so much more beautiful ;)
Aww, now you've hurt Kleopatra's feelings (Doesn't she have a cute nose) ;-)
But I have to agree there at least for the keylisting. (as Sune and Anne also
wrote in the other branch of this topich). The Keylisting / visualization of
validity is imho better in Kgpg. Something I hope to address in Kleopatra at
some point. This will probably go along with GnuPG's TOFU database / usage
statistics that are currently worked at. Which will also need new
representation in GUI's.
Kleopatra at least has the advantage that it uses the official API (gpgme) and
so it is theoratically much easier to work with new features and different
versions of GnuPG.
Buit let's not get into a detailed comparision of Kleo vs. Kgpg I don't think
that would be helpful.
I'd much rather see us working together on a single GUI then splitting the
effort to work on two Certificate Managers in the KDE community. Of course I
doub't that will happen.
If you are willing to work on KGpg Ok! Alternatives are good. :-)
There is also another advantage KGpg has over kleopatra, The Kleopatra
codebase is kind of a beast with a usage of stdc++ and boost that is probably
unfamiliar to most KDE hackers.
> And it has the CAFF mode, which I doubt Kleopatra has.
I actually did not know that. Maybe something we could add to Kleopatra then,
too.
> And it supports photo ids, which I was told was
> intentionally left out of Kleopatra for some policy reasons.
Yes. Afaik this was done because the gnupg maintainer requested us not to
support this in Kleo. The reasons for this are:
- Gives a false sense of security.
- Increases the attack surface as you need image parsers to parse external
Input.
- Key size is drastically increased.
- Considered bad practice even though the OpenPGP standard allows for this.
I did not find sources for these claims, just something I picked up in
discussions. I was not around when it was decided in the first place. Maybe we
should discuss this again.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20150831/7b126e37/attachment.sig>
More information about the kde-community
mailing list