Henning Schild

> @henning-schild For gpgsm, do they ignore certificate validity periods? How do they assess valid signatures (or do they accept anything)? Is it worth having a discussion around having gpgsm...

I guess the whole timestamp story is again a story of trust and not of authenticity. You would not want to distrust a whole repo because the key of the...

As far as i know gpg(sm) does not support tsa and git does not either. So it would be a config key for smimesign, maybe better kept in a separate...

I would go for `gpg.x509.smimesign-tsa` or `smimesign.tsa`, just to avoid a possible future collision.

This reminds me of https://github.com/OpenSC/OpenSC/issues/2060 If the two modules must not be loaded at the same time, they should mutually exclude each other and issue a warning on double-load. Configuration...

> Sounds like a good feature. Any ideas on implementing that? dlopen has " __attribute__((constructor))" and also "__attribute__((destructor))" that can potentially be used to allocate some ressource that is uniqe...

I never understood what the diff is between the two. Maybe they can be stacked ... so that loading "onepin" pulls in "normal" and just assign a global variable "opensc_onepin...

I see no reason to close this and make it a user-problem. Exactly these problems are bound to happen and they do happen in practice. So again a "central" detection...

just found this in my thunderbird `pkcs11.txt` ``` library=/usr/lib64/pkcs11/onepin-opensc-pkcs11.so name=OpenSC smartcard framework (0.21) library=/usr/lib64/opensc-pkcs11.so name=OpenSC smartcard framework (0.22) ``` `pkcs11-register` is seriously broken! Since i am failing to get that...

`pkcs11-register` is broken by design. It writes files it is clearly not allowed to, the only tools allowed are the browsers or `modutil`. It writes them at the worst point...