[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#29906: 27.0.50; Emacs prompts for passwords in GUI dialog instead of
From: |
Eli Zaretskii |
Subject: |
bug#29906: 27.0.50; Emacs prompts for passwords in GUI dialog instead of minibuffer |
Date: |
Sat, 30 Dec 2017 22:53:45 +0200 |
> From: Daiki Ueno <ueno@gnu.org>
> Cc: nljlistbox2@gmail.com (N. Jackson), 29906@debbugs.gnu.org
> Date: Sat, 30 Dec 2017 21:13:04 +0100
>
> >> > ** The pinentry.el library has been removed.
> >> > That package (and the corresponding change in GnuPG and pinentry)
> >> > was intended to provide a way to input passphrase through Emacs with
> >> > GnuPG 2.0. However, the change to support that was only implemented
> >> > in GnuPG >= 2.1 and didn't get backported to GnuPG 2.0. And with
> >> > GnuPG 2.1 and later, pinentry.el is not needed at all. So the
> >> > library was useless, and we removed it. GnuPG 2.0 is no longer
> >> > supported by the upstream project.
> >> >
> >> > To adapt to the change, you may need to set 'epa-pinentry-mode' to the
> >> > symbol 'loopback'.
>
> I wasn't aware of this entry. Would it really make sense, given that
> pinentry.el was a new library introduced in Emacs 26?
??? I see pinentry.el in all versions of Emacs starting from 25.1.
> >> Yes, that does help, thank you. I should have checked the news.
> >>
> >> It doesn't help me decide what to do though. Do you know if using
> >> the prompt in the minibuffer (using `loopback') is thought to be
> >> less secure than using the external pinentry program?
> >
> > I don't know enough about this to tell. Daiki, any inputs?
>
> I would say it's provides the same level of security as pinentry-gtk,
> which no longer uses secmem these days.
>
> It's unfortunate that one of the GnuPG contributors (who currently seems
> inactive) had advertised that it was less secure, based on his Emacs 19
> knowledge:
> https://dev.gnupg.org/T2034#89059
Would you advise saying something along these lines in NEWS?
Thanks.