[pkg-gnupg-maint] Bug#1101471: starting of agent for system accounts is inacceptable
Marc Haber
mh+debian-packages at zugschlus.de
Fri Mar 28 06:01:26 GMT 2025
Package: gpg-agent
Version: 2.2.46-6
Severity: important

Hi,

from the README:

|Since 2.1.17, users on machines with systemd will have their gpg-agent
|process launched automatically by systemd's user session, upon first
|access of any of the expected gpg-agent sockets (including the ssh
|socket). systemd will also cleanly tear this process down at session
|logout.

I find that unacceptable at least for system accounts. The suggested
remedy is to manually mask four systemd units inside every single
account.

Please consider adding a global option to start gpg-agent only for
whitelisted accounts. There should also be an option to start gpg-agent
for normal users, that might default to yes, but it should be possible
to turn it off.

Greetings
Marc
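
Added example, not part of the original message or of the Debian package: one way an administrator could get the effect of masking per account from a single place is a drop-in with systemd's ConditionUser=!@system on each socket unit. The four socket unit names and the drop-in file name are assumptions; the message does not list them.

```shell
#!/bin/sh
# Added example: stage systemd user-unit drop-ins that keep the gpg-agent
# sockets from starting in user managers running for system accounts.
# Assumption: the socket unit names below (as shipped by the Debian
# gpg-agent package); they are not listed in the message above.
GPG_AGENT_SOCKETS="gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket"

# Hypothetical drop-in file name chosen for this example.
DROPIN_NAME="10-no-system-accounts.conf"

# write_dropins ROOT
# Writes ROOT/etc/systemd/user/<unit>.d/$DROPIN_NAME for every socket unit.
# ROOT is a staging directory, so the result can be reviewed before it is
# installed on a live system.
write_dropins() {
    root=$1
    [ -n "$root" ] || { echo "usage: write_dropins ROOT" >&2; return 2; }
    for unit in $GPG_AGENT_SOCKETS; do
        dir="$root/etc/systemd/user/$unit.d"
        mkdir -p "$dir" || return 1
        # ConditionUser=!@system: the unit starts only when the user
        # manager's UID lies outside the system user range.
        printf '[Unit]\nConditionUser=!@system\n' > "$dir/$DROPIN_NAME" || return 1
    done
}

# count_dropins ROOT
# Prints how many staged drop-ins actually carry the condition.
count_dropins() {
    grep -l '^ConditionUser=!@system$' \
        "$1"/etc/systemd/user/*.socket.d/"$DROPIN_NAME" 2>/dev/null |
        wc -l | tr -d ' '
}
```

Run write_dropins against a scratch directory, review the files, then install them under /etc/systemd/user; user managers read them at their next start.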