QCA2
Ingo Klöcker
kloecker at kde.org
Sun Sep 11 11:38:28 BST 2022
On Sonntag, 11. September 2022 10:35:43 CEST Albert Astals Cid wrote:
> El diumenge, 11 de setembre de 2022, a les 4:44:24 (CEST), Ron Murray va
> > Since QCA invokes the gpg executable anyway, it makes more sense to
> > just let gpg bring up a pinentry dialog.
>
> That's not QCA design, the design is that the application brings up its own
> dialog if it needs it when it gets asked via the QCA::Event::Password
> request.
Which is completely against the design goal of gpg2 to minimize the attack
surface of code that deals with sensitive information like the private key
data (done exclusively by gpg-agent) and passwords (done by gpg-agent in
concert with pinentry).
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20220911/5543d262/attachment.sig>
More information about the kde-core-devel
mailing list