Tue, Jan 19
Dependency hell - ask your favorite distribution
Can you point me to a more elaborate list of the general concerns? (Central directories offer some sort of stable history, namespace and API service towards identifying modules, just like the venerable https://www.ctan.org/ . The solutions built on such services, like programming environment specific "package" and dependency managers that download and install thousands of packages automatically (like yarn) may be debatable, but I am not aware of much general concern against the services itself.)
Typo, sorry. I have no access to pypi and won't apply for an account due to general concerns about those platforms. Thus I can't change that page. Let me assign you this issue ;-)
@werner, that is a missunderstanding:
Mon, Jan 18
No, this is a fork and we consider the use of a PyPy for GPGME a Bad Thing because it does not guarantee a stable ABI and we accept bugs files against this version.
I may attempt an update here, who has the pypi maintenance account?
(If we don't have it, we need to ask Justin or create a ticket with the PSF.)
Tue, Jan 5
|we do it for the other bindings as well.|
can you elaborate?
Given all the resources we had put on this Python bindings I'd suggest to bite the bullet and replace Swig by handcrafted bindings. More work but we do it for the other bindings as well.
Dec 3 2020
Thanks. Fixed in rM7a4fe82a017b: python: Fix key_export*..
Nov 20 2020
Nov 19 2020
Oct 28 2020
Pushed the change.
Oct 27 2020
IIUC, fix can be like this:
diff --git a/lang/python/src/core.py b/lang/python/src/core.py index 996c3b0f..646bbc60 100644 --- a/lang/python/src/core.py +++ b/lang/python/src/core.py @@ -147,7 +147,12 @@ class GpgmeWrapper(object): gpgme.gpg_raise_callback_exception(slf) return result
Sep 18 2020
Jul 15 2020
Apr 20 2020
On further thought, it's possible that something closer to what
Bernhard wants (and incidentally more along the lines of what I was
thinking of in some of our discussions just after the initial port)
might be achievable with Cython.
FWIW, GPGME is basically C90 and we only recently started to use C99 variadic macros - they are a cpp feature, though.
Apr 19 2020
CFFI has no real means of generating the needed bindings on the fly
like SWIG does, except via its ABI methods, but those are inferior to
what SWIG does. It also can't handle all the ifdefs (or really any of
the ifdefs) in gpgme.h.
Aug 27 2019
i'm actually running make -j3 check, since make -j3 distcheck has the problems described in T4688.
So i've been able to (intermittently) reproduce the failures that i think @werner was alluding to here, but not under any circumstances where i can get them to happen reliably to understand what's going on.
Jul 8 2019
yes, python2.7 and python3.7
Using several python versions?
Jun 21 2019
Jun 19 2019
I note that "the best" seems like it might be a pretty subjective thing. The standard GnuPG framing asks about the validity of keys for the User ID in question. Perhaps the caller could indicate whether they want to require full validity for each key to make this key selection more strict.
The function would do something like:
- from msg, extract all e-mail addresses from to, cc, bcc fields
- find "the best" keys that match these addresses, storing them in keylist
- copy msg to tmp, remove bcc header from tmp
- wrap armored output of gpg.Context.encrypt(bytes(tmp), recipients=keylist) in the necessary RFC 3156 cladding, copying most headers from msg (maybe stubbing out the subject), producing an email.message.EmailMessage object.
Jun 13 2019
Jun 4 2019
I tried to apply&push, since we changed the file a bit, I needed to apply it manually.
Anyway, it's done.
May 6 2019
Merged. Thanks again for your work on this.
Thanks for the explanation. That addresses my concerns.
May 3 2019
I agree that this is a minor API shift, but i *don't* think it's a security problem, because i was particularly careful to maintain the invariant that decrypt(verify=True) will only ever return valid signatures.
I'm for merging this as I understand the rationale. In Kleo / GpgOL I also only need one valid signature.
I've just published a branch dkg/fix-T4276 (with commit 4100794e305ba22241ea5a4f7b42bb5189fbd948) which i think resolves this issue.
Mar 19 2019
@dkg If you propose a patch here I'm pretty sure that we will accept it. As one of our Python binding users you know better then us how the API should behave.
Mar 12 2019
Reading through this issue and the related documentation: Thanks for writing this all down and adding links!