[tex-live] GPG message using tlpretest on OSX

Angelo Graziosi angelo.graziosi at alice.it
Mon Apr 18 23:36:11 CEST 2016

Il 18/04/2016 22:59, Reinhard Kotucha ha scritto:
> On 2016-04-18 at 21:57:04 +0200, Angelo Graziosi wrote:
>   > Norbert Preining wrote:
>   > > Are you ready to defend TUG in front of an US court? If not, please
>   > > stop bothering us.
>   >
>   > I am afraid bothering you, but this is one more reason to remove this
>   > from TL2016...
> No, this can never be a reason.
> And even if you can convince Norbert to add an option which allows to
> control this behavior, everything which enhances security has to be
> turned on by default.  Always.
> It seems that you prefer convenience to security.  Not a good idea,

No, I don't prefer convenience but you are changing the policy of TL.

It was to make TL as much as possible self-contained adding programs it 
needs in the distribution. Only rarely you allowed that someone of those 
program were already installed on the OS..

Now, you not only do not add the program (for any noble reason that you 
want) but also allow for it to not be installed or not available from 
the OS. It is the first time I "hear" this kind of argument on this list..

If you want add that, it should be off by default. Then you can say:

  Dear user, have you installed gpg? May you install it? yes? do you 
want to check for security? yes? then enable it with:

tlmgr option gpg 1

What is the logic of installing something that then, perhaps, you can 
not use?

This is my opinion.

Do you like that? DO that, but it is only a security illusion..


More information about the tex-live mailing list