semantics of gnupg --keyserver in 2.1

Andre Heinecke aheinecke at
Wed Dec 17 17:08:57 CET 2014


On Wednesday, December 17, 2014 03:40:23 PM Werner Koch wrote:
> Frankly, I am not sure what to do, either.  My code tried to make it
> mostly compatible with gnupg < 2.1 but there are other options,

In that case I would vote for just overwriting the config value if it is 
provided on the command line and use a fallback mechanism using one or 
multiple config entries otherwise. (or multiple keyserver options on the 
command line)

If you explicitly set the command line keyserver parameter you probably really 
want that keyserver to be used for some reason. So this should overwrite the 

This would also avoid the necessity of detecting if a keyserver came from 
config or from the command line to print a proper informational message if a 
fallback is used in case the command line keyserver is not available.
(I would expect this in that case)

Now for configured keyservers or multiple keyserver arguments on the command 
line dirmngr should use all of them and try them out. Currently it fails on 
the first failing server but I would expect that if i have 
keyserver hkp://
keyserver hkp://bar.baz

in my config that it would first try and if that server is unreachable 
try bar.baz.

(I think this is how the protocol is currently supposed to work with KEYSERVER 
--clear and multiple KEYSERVER commands but for me it always fails if it 
encounters a server that is unreachable)

Btw. kleopatra already offers to configure multiple keyservers although this did 
not work with older versions.


Andre Heinecke |  ++49-541-335083-262  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list