[Kolab-devel] gunnar: server/horde/horde-mnemo ChangeLog, 1.3, 1.4 conf.php, 1.1, 1.2

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Sep 12 18:46:16 CEST 2007


Gunnar Wrobel wrote:
> Hi Fabio,
>
> thanks for the question. I guess it makes sense discussing this in a
> wider circle.
>
> Setting the gpg binary path to /usr/bin/gpg (and thus referring to a
> gpg installation in the distribution *surrounding* /kolab) instead of
> /kolab/bin/gpg *within* the /kolab OpenPKG environment means that
> Horde will try to use gpg from the native environment.
>
> This has one advantage: We don't need to add another package (and its
> possible dependencies) to the server. This means we also don't have to
> bother too much about security updates concerning that package.
>   
mmmm. Imho before or later we will need gpg.
Just think when in future we will discuss about automatic update or
digital signature verification of something. gpg will be a requirement.

I would suggest to evaluate the 'size' and the dependencies of gpg. If
it's small in size and doesn't require any other package i would highly
prefer the option 2.

Imho kolab should as much as possible "ready and fully featured
immediately upon installation", obviously without increasing too much in
terms of complexity and size.

Regards,
Fabio Pietrosanti




More information about the devel mailing list