
Re: Beware of leftover gpg-agent processes



On 08/05/2016 06:08 PM, Ian Jackson wrote:
> Could we not have gpg2 not only automatically launch the agent, but
> also automatically terminate it?  This would provide the same UI and
> same persistence properties as gpg1.

Full ACK here, with the slight modification that the agent should
only communicate with the gpg2 process that launched it.

I think that if an agent is wanted, the user should explicitly start
it. I'd even be fine with Debian changing the defaults to autostart
an agent in the background in login sessions, and documenting that,
because that's at least explicit configuration. But autostarting
something in the background and having it persist - I think that's a
huge no-go, because of the surprise factor. (Plus in contrast to an
agent started at login, process context is inherited, which could
be a whole other can of worms for something persistent... There's a
good reason why autolaunching the DBus session daemon when it's not
already running has now been deprecated for quite some time.)

I've been using gpg2 explicitly for a while now (because gpg1 doesn't
work with my YubiKey), and I didn't know that. In my case, it isn't
a huge deal, because I do run an agent in the background anyway (and
know of it), but I also have some scripts that call gpg internally
with different GPGHOME (luckily at the moment still gpg1) and I would
really not have expected the gpg calls to start an agent in the
background.

Regards,
Christian

