import from anon-gpg-conf

debian/control

@@ -15,7 +15,7 @@ Package: security-misc
 Architecture: all
 Depends: python, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin,
  apparmor-profile-anondist, helper-scripts, ${misc:Depends}
-Replaces: tcp-timestamps-disable
+Replaces: tcp-timestamps-disable, anon-gpg-tweaks
 Description: enhances misc security settings
  Inspired by Kernel Self Protection Project (KSPP)
  .
@@ -321,6 +321,10 @@ Description: enhances misc security settings
   * Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird
    to make phishing attacks more difficult. Fixing URL not showing real Domain
    Name (Homograph attack).
+  * Security and privacy enhancements for gnupg's config file
+   `/etc/skel/.gnupg/gpg.conf`. See also:
+   https://raw.github.com/ioerror/torbirdy/master/gpg.conf
+   https://github.com/ioerror/torbirdy/pull/11
  .
  Want more? Look into these:
  .

debian/security-misc.postinst

@@ -17,6 +17,11 @@ true "
 
 case "$1" in
     configure)
+        if [ -d /etc/skel/.gnupg ]; then
+            ## Lintian warns against use of chmod --recursive.
+            chmod 700 /etc/skel/.gnupg
+        fi
+
         ## /usr/share/glib-2.0/schemas/30_security-misc.gschema.override
         glib-compile-schemas /usr/share/glib-2.0/schemas || true
     ;;