v0.4.7 update - new auto_decrypt() & auto_verify() methods
rmlibre committed Dec 17, 2019
1 parent 4c758dc commit 1cc07c3
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions CHANGES.md
@@ -3,6 +3,7 @@
- Because of Debian [bug #930665](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930665), and related GnuPG [bug #T4393](https://dev.gnupg.org/T4393), importing keys from the default keyserver [keys.openpgp.org](https://keys.openpgp.org/) doesn't work automatically on all systems. Not without email confirmation, at least. That's because the keyserver will not publish uid information attached to a key before a user confirms access to the email address assigned to the uploaded key. And, because GnuPG folks are still holding up the merging, and back-porting, of patches that would allow GnuPG to automatically handle keys without uids gracefully. This effects the `network_import()` method specifically, but also the `text_import()` and `file_import()` methods, if they happen to be passed a key or filename argument which refers to a key without uid information. The gpg2 binary in this package can be replaced manually if a user's system has access to a patched version.
- Because of GnuPG [bug #T3065](https://dev.gnupg.org/T3065#111023), and related [bug #1788190](https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190), the `--keyserver` and `--keyserver-options http-proxy` options won't work with onion addresses, and they cause a crash if a keyserver lookup is attempted. This is not entirely an issue for us since we don't use gnupg's networking interface. In fact, we set these environment variables anyway to crash on purpose if gnupg tries to make a network connection. And in case the bug ever gets fixed (it won't), or by accident the options do work in the future, then a tor SOCKSv5 connection will be used instead of a raw connection.
- This program may only be reliably compatible with keys that are also created with this program. That's because our terminal parsing is reliant on specific metadata to be similar across all encountered keys. It seems most keys have successfully been parsed with recent updates, though more testing is needed.
- The tests don't currently work when a tester's system has a system installation of tiny_gnupg, and the tests are being run from a local git repo directory. That's because the tests import tiny_gnupg, but if the program is installed in the system, then python will get confused about which keyring to use during the tests. This will lead to crashes and failed tests. Git clone testers probably have to run the test script closer to their system installation, one directory up and into a tests folder. Or pip uninstall tiny_gnupg. OR, send a pull request with an import fix.
- Currently, the package is part synchronous, and part asynchronous. This is not ideal, so a decision has to be made: either to stay mixed style, or choose one consistent style.
- We're still in unstable and have to build out our test suite. Contributions welcome.
## Minor Changes
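Review bot: In the bullet about GnuPG bug #T3065, the text names `--keyserver` and `--keyserver-options http-proxy` as command-line options and then says "we set these environment variables anyway"; say "these options" so a reader auditing the gpg invocation knows where to look. The same bullet documents that blocking GnuPG's own network access depends on an unfixed upstream crash, with a tor SOCKSv5 connection as the fallback if the options ever start working; the parenthetical "(it won't)" could be dropped, and it would help to state which of the two behaviours the test suite checks. In the first bullet, "This effects the `network_import()` method" should read "This affects". Finally, the commit title announces new `auto_decrypt()` and `auto_verify()` methods, but none of the lines visible in this hunk mention either one; if the single added line is not their changelog entry, add one under the 0.4.7 changes.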