<div dir="ltr">2016-04-18 23:36 GMT+02:00 Angelo Graziosi <span dir="ltr"><<a href="mailto:angelo.graziosi@alice.it" target="_blank">angelo.graziosi@alice.it</a>></span>:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><br>
<br>
Il 18/04/2016 22:59, Reinhard Kotucha ha scritto:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
On 2016-04-18 at 21:57:04 +0200, Angelo Graziosi wrote:<br>
<br>
> Norbert Preining wrote:<br>
> > Are you ready to defend TUG in front of an US court? If not, please<br>
> > stop bothering us.<br>
><br>
> I am afraid bothering you, but this is one more reason to remove this<br>
> from TL2016...<br>
<br>
No, this can never be a reason.<br>
<br>
And even if you can convince Norbert to add an option which allows to<br>
control this behavior, everything which enhances security has to be<br>
turned on by default. Always.<br>
<br>
It seems that you prefer convenience to security. Not a good idea,<br>
</blockquote>
<br></span>
No, I don't prefer convenience but you are changing the policy of TL.<br>
<br>
It was to make TL as much as possible self-contained adding programs it needs in the distribution. Only rarely you allowed that someone of those program were already installed on the OS..<br>
<br>
Now, you not only do not add the program (for any noble reason that you want) but also allow for it to not be installed or not available from the OS. It is the first time I "hear" this kind of argument on this list..<br>
<br>
If you want add that, it should be off by default. Then you can say:<br>
<br>
Dear user, have you installed gpg? May you install it? yes? do you want to check for security? yes? then enable it with:<br>
<br>
tlmgr option gpg 1<br>
<br>
<br>
What is the logic of installing something that then, perhaps, you can not use?<br>
<br>
This is my opinion.<br>
<br>
Do you like that? DO that, but it is only a security illusion..<span class=""><font color="#888888"><br></font></span></blockquote><div><br></div><div>I have reread your original e-mail again. I do not see any complaint made by tlmgr, there is not even a warning, it just informs that gpg was not found and prvcessing continues. It does not pretend to work securely, so I do not see any illusion. The current behaviour is useful for those who know what gpg is, are able to install software and thus get more security. Without this message these people will not know that it is worth to install gpg. Do you really want to keep people uninformed and let them use less security although more secure way is readily available? <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><font color="#888888">
<br>
<br>
Angelo<br></font></span></blockquote><div><br><br><br clear="all"><div><div class="gmail_signature">Zdeněk Wagner<br><a href="http://ttsm.icpf.cas.cz/team/wagner.shtml" target="_blank">http://ttsm.icpf.cas.cz/team/wagner.shtml</a><br><a href="http://icebearsoft.euweb.cz" target="_blank">http://icebearsoft.euweb.cz</a></div></div>
<br> </div></div><br></div></div>