[pkg-gnupg-maint] Bug#923204: Bug#923204: Bug#923204: gpg-agent has a false dependency on libpam-systemd

[Daniel Kahn Gillmor]

On Mon 2019-02-25 13:33:57 +0100, Werner Koch wrote:
> On Sun, 24 Feb 2019 16:56, joshudson at gmail.com said:
>
>> gpg-agent --server or directly from .profile (ssh sessions) by
>> gpg-agent --daemon.
>
> FWIW, actually gpg-agent is started on-demand from all tools requiring
> it.  To explicitly start it "gpgconf --launch agent" can and should be
> used.

On systems where you actually care about all processes terminating when
you log out (which is most well-managed systems), you want something
that can automatically spawn and reap per-user daemons as they're needed
by the user.

Users of GNU/Linux systems with systemd as the process supervisor can
rely on libpam-systemd to manage user sessions successfully.  That way,
when you log out, your agent actually goes away, any secrets currently
unlocked are flushed, and your overall session (and all related
processes) terminates correctly.  This allows things like automated
unmounting of relevant filesystems, flushing of in-kernel keys, etc.

There are many other possible ways to manage per-user daemons on other
systems, but if you're already using systemd, it makes no sense to have
each daemon re-invent that wheel (and potentially fail to clean up at
the end of the session, as Werner's suggestion above does).  That's why
gpg-agent Suggests: libpam-systemd.

If you want to propose better integration with any system or session
managers that can be used in Debian (whether systemd or otherwise), i'm
all ears -- please submit those changes to the BTS as specific
improvements so that we can review them and make things better for users
of those systems.

Regards,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190225/13fc0056/attachment.sig>