Why 2.1 is delayed for so long
dshaw at jabberwocky.com
Wed Sep 24 05:29:34 CEST 2014
On Sep 22, 2014, at 12:45 PM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 22 Sep 2014 17:14, dshaw at jabberwocky.com said:
>> I basically agree with this.
> Me too.
>> Of course, --expert would have everything and give all options,
>> including setting key flags, as today. But without --expert, just
>> make an RSA (sign+certify) + RSA (encrypt) key, as is the default
> I wonder whether a sign only key (and then being able to select between
> DSA or RSA) makes sense in non-expert mode. What do you think?
Hmm. I think it would be best to generate an encryption subkey as well. I strongly suspect most people generating a key would need one, and doing it with one invocation of --gen-key is better than telling them to use --gen-key, then --edit-key to add an encryption subkey.
> Shall we add a line "For more options run gpg with --expert"?
I think that's a good idea, but giving this whole thing a bit of thought, perhaps not "--expert". That is, make up some new option to show the full key generation list. (or even a different command: "--gen-key" vs "--gen-key-full" perhaps?) The reason why I'm reluctant to use --expert is that it has a pretty defined meaning as the option that allows you to do dangerous / nonstandard / incompatible things. Those things are useful to do, at times, but generating different key types doesn't really fall into any of those buckets. I don't want --expert to be the standard way to do something "normal".
So, absolutely in favor of the concept of concealing the non-default options behind some new option, and by all means tell the user about this new option when generating keys, but I'd like to use something other than "--expert" as that new option.
More information about the Gnupg-devel