I think there must be an issue about this already but I could not find it.
My most important wish for a "professional" Gpg4win product is that it should be easier to deploy a configuration of GnuPG. For Example the compliance de-vs option. Currently our institutional deployment runs a login script for this.
Kleopatra uses the library KConfig to have a very nice configuration interface.
For GnuPG my proposal is:
- Read config from /etc/gnupg/
-> No new magic please like the profiles and all that stuff. Just read a "gpg.conf" "gpg-agent.conf" etc. from that location. Treat it as normal config files.
- Afterwards read the config from the GnuPG home dir.
If an option in the system wide configuration is marked with a "=" sign or something like that at the beginning of the line treat it as immutable. Otherwise prefer the user option.
E.g. if =enable-crl-checks is in the system wide config a "disable-crl-checks" should be ignored in the user config. Without an equal sign CRL checks should be disabled because the user has explicitly set it.
I'm mostly interested in Windows for this.