Update split-gpg.md

Sorry for proposing this change, since it evens puts into question the existence of the page and even Split GPG.  Maybe I should also submit a bug to https://github.com/QubesOS/qubes-issues .  I just followed the [contribution suggestions](https://www.qubes-os.org/doc/doc-guidelines/#contribution-suggestions).

security/split-gpg.md

@@ -74,14 +74,18 @@ signed before the operation gets approved. Perhaps the GPG backend domain
 could start a Disposable VM and have the to-be-signed document displayed
 there? To Be Determined.
 
-- The Split GPG client will fail to sign or encrypt if the private key in the
+- **Split GPG is unusable due to the following problem**:
+The Split GPG client will fail to sign or encrypt if the private key in the 
 GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl 
 for device"* error. Avoid setting passphrases for the private keys in the GPG 
-backend domain, it won't provide extra security anyway, as explained before. If
+backend domain, it won't provide extra security anyway, as explained before. 
-you have a private key that already has a passphrase set use
+Unfortunately you can set empty passphrases no matter what `pinentry-*` package 
-`gpg2 --edit-key {key_id}`, then `passwd` to set an empty passphrase. Be aware
+you are using.  If you are generating a new key pair, or if you have a private 
-that `pinentry-ncurses` doesn't allow setting empty passphrases, so you would need
+key that already has a passphrase and use 
-to install `pinentry-gtk` for it to work.
+`gpg2 --edit-key {key_id}`, then `passwd`, then pinentry won't allow setting an 
+empty passphrase.  This is true for any pinentry packages like `pinentry-ncurses` 
+and `pinentry-gtk` in Fedora, and for `pinentry-curses`, `pinentry-gtk2` and 
+`pinentry-gnome` in Debian.
 
 ## Configuring Split GPG ##