Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)
Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)"):
> Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
> > One of the main differences is that all access to your secret key
> > will be handled through gpg-agent, which should be automatically
> > launched as needed.
>
> it might be important to note that gpg launching this gpg-agent
> process is not optional and that it will automatically be launched
> and continue running in the background for many gpg operations.

This is rather alarming. As a longtime gpg1 user I hadn't appreciated
this.

Could we not have gpg2 not only automatically launch the agent, but
also automatically terminate it? This would provide the same UI and
same persistence properties as gpg1.

I don't think a general change to a timeout-based persistence model is
a good idea in itself; and of course there are the practical problems
Johannes mentions.

Ian.
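
The launch-then-terminate behaviour discussed above can be had for a single command with a small wrapper. This is an added example, not part of the original message or of GnuPG itself. It assumes GnuPG 2.1 or later with `gpgconf` on PATH, the helper name is hypothetical, and it uses a throwaway GNUPGHOME so that only the agent started for that directory is stopped.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.1+ on PATH.

# with_ephemeral_gnupghome CMD [ARGS...]   (hypothetical helper name)
# Runs CMD with GNUPGHOME pointing at a fresh private directory, then
# stops any gpg-agent that was auto-launched for that directory and
# deletes the directory. Returns CMD's exit status.
#
# Constructed usage (file names are placeholders):
#   with_ephemeral_gnupghome sh -c \
#       'gpg --import keys.asc && gpg --verify file.sig file'
with_ephemeral_gnupghome() {
    _home=$(mktemp -d "${TMPDIR:-/tmp}/gnupg.XXXXXX") || return 1
    # mktemp -d already creates the directory 0700; enforce it anyway,
    # since gpg complains about a homedir with unsafe permissions.
    chmod 700 "$_home"

    # Run in a subshell so the caller's own GNUPGHOME is left untouched.
    # "|| _status=$?" keeps cleanup running even under "set -e".
    _status=0
    (
        GNUPGHOME=$_home
        export GNUPGHOME
        "$@"
    ) || _status=$?

    # gpgconf locates the agent through GNUPGHOME, so this stops only
    # the agent serving the temporary directory, never a long-running
    # agent for the user's normal homedir.
    GNUPGHOME=$_home gpgconf --kill gpg-agent >/dev/null 2>&1 || true

    rm -rf -- "$_home"
    return "$_status"
}
```

Keys imported or generated inside the wrapper disappear with the directory, so this suits verification and other one-shot operations rather than everyday use of a personal keyring.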