Re: parcimonie [Was: Check for revocation certificates before running apt-get?]

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
From: Paul Wise <pabs@debian.org>
Date: Tue, 24 Dec 2013 13:49:34 +0800
Message-id: <[🔎] CAKTje6F4Cwh3=A3oYjjdWxYcZo4F1jdDZa2mtK7=Spo+VnYiqg@mail.gmail.com>
In-reply-to: <[🔎] 85wqj6phft.fsf@boum.org>
References: <[🔎] 52AB8E6C.2050107@riseup.net> <[🔎] CAKTje6G2PCMxVOUAMtQPthE3KAns005juoxU4xskdHnZt=XqBw@mail.gmail.com> <[🔎] 52AD1EB7.6060102@riseup.net> <[🔎] CAKTje6He6Qhg5P4ucV9x+qo=u==Hc=0btU4mpY-xLE+z4BynnQ@mail.gmail.com> <[🔎] CAFANWtV2tMV-RSuidK1WTDp9VgHodzenK6Po-Tm2WHTt2aenUg@mail.gmail.com> <[🔎] CAKTje6HiRTyNFkBDX_Hrdi_=WHabS8VXLxJtuGdQY_u=1O+3dA@mail.gmail.com> <[🔎] 85wqj6phft.fsf@boum.org>

On Sun, Dec 15, 2013 at 5:55 PM, intrigeri wrote:

> As the author of parcimonie, I can only agree it would be great if
> someone took it over and made it more lightweight.

I was looking at the riseup OpenPGP best practices document and I
noticed that someone had added a link to a bash reimplementation. The
author claims it has an advantage over parcimonie of using unique Tor
circuits for each key fetch. Personally I don't think bash is the
appropriate language to implement this though.

https://github.com/EtiennePerot/parcimonie.sh

> Are there specific pieces of the implementation that seem too complex
> to you, or any available option that could be dropped in your opinion?

The most valuable thing that could improve parcimonie would be to
include an implementation of the concept in GnuPG itself. The only
problem with that would be the UI parts but those could be kept
separated.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
  - From: intrigeri <intrigeri@debian.org>

References:
- Check for revocation certificates before running apt-get?
  - From: adrelanos <adrelanos@riseup.net>
- Re: Check for revocation certificates before running apt-get?
  - From: Paul Wise <pabs@debian.org>
- Re: Check for revocation certificates before running apt-get?
  - From: adrelanos <adrelanos@riseup.net>
- Re: Check for revocation certificates before running apt-get?
  - From: Paul Wise <pabs@debian.org>
- Re: Check for revocation certificates before running apt-get?
  - From: Darius Jahandarie <djahandarie@gmail.com>
- Re: Check for revocation certificates before running apt-get?
  - From: Paul Wise <pabs@debian.org>
- Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: RE: [SECURITY] [DSA 2826-1] denyhosts security update
Next by Date: Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
Previous by thread: Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
Next by thread: Re: parcimonie [Was: Check for revocation certificates before running apt-get?]
Index(es):
- Date
- Thread