[sup-talk] GPG Support

William Morgan wmorgan-sup at masanjin.net
Tue Jul 3 22:55:56 EDT 2007

Excerpts from jeff.covey's message of Mon Jun 18 17:00:52 -0700 2007:
> Excerpts from Chris Lee's message of Thu May 17 17:24:11 -0400 2007:
> > The sources.yaml file is pgp encrypted now.
> why is that?  there doesn't seem to be any sensitive information in
> sources.yaml, and encrypting it makes it harder to deal with.

For IMAP and mbox+ssh sources, the username and password is stored in
sources.yaml. Sup is careful to create it with the right unix mode, so
I'm not convinced of the vital necessity of this feature, but I'm not
opposed to its very existence either.

> i wouldn't bother with storing passwords/phrases and encrypting files,
> i would just let gpg prompt people for the words/phrases as needed.
> if they don't want to type them each time, they can use something like
> gpg-agent.

I tend to agree. I'm happy to offload as much functionality to other
programs as possible.

> i only use one key myself, but it would be nice to be able to specify a key
> for each account under ":accounts:".


I haven't incorporated Chris's patch yet, mostly because I wanted to
flesh out Sup's multi-account support, but now that things are better on
that end, I do plan to revisit the issue. Chris, if you're still there,
please don't feel like I've ignored you.

William <wmorgan-sup at masanjin.net>

More information about the sup-talk mailing list