<<< Date Index >>>     <<< Thread Index >>>

Re: gpg



On Mon, Mar 01, 2004 at 12:40:43PM EST, Stewart V. Wright wrote:
> * Christoph Berg <cb@xxxxxxxxxxxxxxxx> [040301 17:22]:

> > > 2) Are you are using the gpg.rc that comes with mutt?
> > 
> > Your distribution should ship one that works fine. The one shipped with
> > Mutt should work after adjusting some paths.
> 
> Huh?  I didn't know there were any paths hardwired in gpg.rc ...  That
> would be a "Bad Thing^TM".

Well, it's safer if gpg.rc knows the exact location of your GnuPG
binaries, since otherwise, somebody with . before /path/to/gpg would be
vulnerable to a stray executable gpg in his current directory.  As you
can tell from my gpg.rc [1], I don't give a damn.  (I also don't have
. in my path until much much later.)  The way I install packages on my
system, managing a static $PATH is nearly impossible (as a trade-off to
easy local installations of packages, and reliable removal of packages
that don't uninstall themselves properly - or at all), so being able
to override GPG's location at runtime using $PATH is an indispensable
feature for me.  If you just install everything in /usr/local or /usr,
though, you can gain additional security by hardwiring paths.

 - Dave

[1]
http://www.bigfatdave.com/dave/mutt/muttdir/gpg.rc

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpI4V3GYhMjW.pgp
Description: PGP signature