On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> 1. gnupg1-compatible authorisation lifetime:
I believe this is a deliberate change in semantics from the upstream
GnuPG project. In particular, authorization for the use of secret key
material is now the responsibility of the gpg-agent. This is an overall
win, because it means that no process ever gets access to the secret key
in memory *except* for the gpg-agent. The gpg-agent is where these
decisions are made.
If you want an agent that never caches any passphrase (and therefore has
a one-use-per-authorization), this is an easy thing to do by adjusting
max-cache-ttl in gpg-agent.conf. you can also set this dynamically with
gpgconf (see the --runtime option in gpgconf(1)).
> 2. Explicit programmatic control of authorisation lifetime:
This is also present in some form with the current gpg, but there are a
couple different ways to do it -- you can still set up and tear down a
separate gpg-agent (though managing that independently from other
sessions can be tricky); you can set authorization cache times that
are bounded to the times you prefer; or you can explicitly tear down the
agent after a given run.
btw, upstream now has fixes to the inotify teardown approach, which i
hope to land in debian unstable in the next day or two.
Thanks for your engagement on this issue, Ian.
--dkg
Attachment:
signature.asc
Description: PGP signature