[pkg-gnupg-maint] Beware of leftover gpg-agent processes
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Aug 6 17:03:50 UTC 2016
On Sat 2016-08-06 02:24:24 -0400, Paul Wise wrote:
> On Sat, Aug 6, 2016 at 12:41 AM, Daniel Kahn Gillmor wrote:
>
>> There are good reasons to want to have the agent running over time and
>> not terminating with the individual invocations of gpg1. In particular,
>> passphrase caching and smartcard management are useful features.
>
> I noticed after upgrading gnupg to experimental and monkeysphere to
> unstable, monkeysphere now has gpg-agent processes running as root:
>
> $ pgrep -a gpg | grep -i monk
> 27043 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon
> 27061 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon

It makes sense that this would happen, as monkeysphere-authentication
does use secret key material for maintaining its list of system
authenticators.

If you think this is a problem, please open a bug report against the
monkeysphere package and we'll see what we can do about it.

>> systemctl --user enable dirmngr
>
> BTW, does this make parcimonie obsolete? I noticed that dirmngr
> suggests tor and the gnupg package in experimental still suggests
> parcimonie.

Nope, not yet. dirmngr doesn't currently do automated ongoing key
refreshes. It would be great if it did, but that's probably something
to work on with dirmngr upstream. See:

https://bugs.gnupg.org/gnupg/issue1827

I know there's some ongoing work on this by other folks too. If you (or
anyone) are interested, please follow up with me off-list about where
that stands.

happy hacking,
--dkg