[pkg-gnupg-maint] Bug#840669: Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)

[Ian Jackson]

Ian Jackson writes ("Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)"):
> Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)"):
> 
> > Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
> > > One of the main differences is that all access to your secret key
> > > will be handled through gpg-agent, which should be automatically
> > > launched as needed.
> > 
> > it might be important to note that gpg launching this gpg-agent
> > process is not optional and that it will automatically be launched
> > and continue running in the background for many gpg operations.
> 
> This is rather alarming.  As a longtime gpg1 user I hadn't appreciated
> this.
> 
> Could we not have gpg2 not only automatically launch the agent, but
> also automatically terminate it.  This would provide the same UI and
> same persistence properties as gpg1.
> 
> I don't think a general change to a timeout-based persistence model is
> a good idea in itself; and of course there are the practical problems
> Johannes mentions.

This (and the change to gnupg2) has now broken dgit's DEP-8 test
suite, when run under schroot.  I'm discussing this in #840669 (CC'd).

I am trying to persaude Daniel that we should provide (at least
optionally) a mode where an autostarted agent (and the corresponding
authorisations, if the user types in a passphrase) have a lifetime
limited by that of the gpg process which started the agent.

Ian.

-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.