semantics of gnupg --keyserver in 2.1
Andre Heinecke
aheinecke at intevation.de
Wed Dec 17 17:08:57 CET 2014
Hi,
On Wednesday, December 17, 2014 03:40:23 PM Werner Koch wrote:
> Frankly, I am not sure what to do, either. My code tried to make it
> mostly compatible with gnupg < 2.1 but there are other options,
In that case I would vote for just overwriting the config value if it is
provided on the command line and use a fallback mechanism using one or
multiple config entries otherwise. (or multiple keyserver options on the
command line)
If you explicitly set the command line keyserver parameter you probably really
want that keyserver to be used for some reason. So this should overwrite the
config.
This would also avoid the necessity of detecting if a keyserver came from
config or from the command line to print a proper informational message if a
fallback is used in case the command line keyserver is not available.
(I would expect this in that case)
Now for configured keyservers or multiple keyserver arguments on the command
line dirmngr should use all of them and try them out. Currently it fails on
the first failing server but I would expect that if i have
keyserver hkp://foo.bar
keyserver hkp://bar.baz
in my config that it would first try foo.bar and if that server is unreachable
try bar.baz.
(I think this is how the protocol is currently supposed to work with KEYSERVER
--clear and multiple KEYSERVER commands but for me it always fails if it
encounters a server that is unreachable)
Btw. kleopatra already offers to configure multiple keyservers although this did
not work with older versions.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gnupg-devel
mailing list