[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updated GnuPG::Interface

On Fri, Jul 24, 2020 at 12:45:37AM +1200, Andrew Ruthven wrote:
> On Thu, 2020-07-23 at 23:55 +1200, Andrew Ruthven wrote:
> > We have two options here. Either
> > patch /usr/share/perl5/Crypt/Monkeysphere/MSVA.pm in msva-perl to use
> > the full path to /usr/bin/gpg when GnuPG::Interface. Or we modify
> > GnuPG::Interface to use the full path instead of just running "gpg".
> > 
> > I'm leaning towards the later as otherwise we'll be playing whack-a-
> > mole for any other Perl programs that use Taint. Thoughts?
> > 
> > I'm happy to prepare that patch.
> 
> I've written a patch for this and pushed it. General case patch is
> submitted upstream here:
> 
>   https://rt.cpan.org/Ticket/Display.html?id=133041
> 
> We'll need to carry our own patch even if upstream accepts it as I've
> set the default binary for gpg to be the full path so we don't need to
> use $ENV{PATH} or modify any programs that use GnuPG::Interface.

Agreed, we should be using the full path in any case to maintain
interface stability. As packagers we shouldn't rely on the user's
path not containing unexpected values.

Cheers
Dominic
Reply to: