[pkg-gnupg-maint] Bug#1053531: Bug#1053531: gnupg/gpg-agent/pinentry: timeout

[Werner Koch]

Hi Thorsten,

> distracted by being asked a question, and it had terminated the
> pinentry and agent, asking me for a password on stderr/tty without
> pinentry, but as soon as I went to type it there, it ended up with:

The second one is the usual ssh prompt in a failed ssh-agent.

> IMHO the pinentry form shouldn’t time out (or at least be reasonable
> about it, e.g. time out after one hour, at the earliest, or so).

Put a pinentry-timeout into gpg-agent.conf

--pinentry-timeout n

   This option asks the Pinentry to timeout after n seconds with no user
   input.  The default value of 0 does not ask the pinentry to timeout,
   however a Pinentry may use its own default timeout value in this
   case.  A Pinentry may or may not honor this request.

The default is 60 seconds, iirc. No timeout is not a good idea either
because you will run into a related problem when you request a second
action requiring a pinentry - that will then wait for the already open
pinentry somewhere on another desktop.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20231008/cb3190a7/attachment.sig>