[pkg-gnupg-maint] Bug#860745: Bug#860745: Please suggest a fix for "server $SOMETHING is older than us" message
Enrico Zini
enrico at debian.org
Sun Apr 23 09:09:27 UTC 2017
On Fri, Apr 21, 2017 at 06:52:20PM +0200, Werner Koch wrote:
> > gpg: WARNING: server 'dirmngr' is older than us (2.1.17 < 2.1.18). Run 'gpgconf --kill dirmngr' to terminate it. A new instance will be restarted as needed.
> We already have some hints messages printed in --verbose mode, like:
> gpg: further info: Tor is not properly configured
> So I would suggest to print
> gpg: further info: A restart can be forced using "gpgconf --kill all"
Technically it sounds like the right thing. I had no idea I could get
hints with --verbose, though, so I wouldn't have seen it.
> > Alternately, it might be nice for gpg to try to effect the restart
> > itself (though i worry that could get into a loop, since gpg itself is
> Not a good idea in case you have other sessions running or you need the
> cache.
Could gpg tell dirmngr/gpg-agent to kill themselves the next time they
are idle and not servicing anyone? I imagine that would do the restart
without being a problem for other sessions running.
I don't know about the cache. I also don't know what's the danger in
running servers that have an older version than gpg itself: is it just a
cosmetic thing, or could there be a malfunction, like an ABI mismatch,
or an attack vector, like a security issue having been fixed in the new
server version, and needing a restart to take effect?
If it's just cosmetic, I'd suggest to move the warning to --verbose
hints as well. If there is a danger, I'd like the danger to be spelled
out clearly, like:
gpg: WARNING: server 'dirmngr' is older than us (2.1.17 < 2.1.18). Run with --verbose for details.
gpg: further info: Outdated servers may lack important security fixes.
gpg: further info: A restart can be forced using "gpgconf --kill all"
Enrico
--
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170423/189ac962/attachment.sig>
More information about the pkg-gnupg-maint
mailing list