Why 2.1 is delayed for so long

David Shaw dshaw at jabberwocky.com
Wed Sep 24 05:29:34 CEST 2014

On Sep 22, 2014, at 12:45 PM, Werner Koch <wk at gnupg.org> wrote:

> On Mon, 22 Sep 2014 17:14, dshaw at jabberwocky.com said:
>> I basically agree with this.
> Me too.
>> Of course, --expert would have everything and give all options,
>> including setting key flags, as today.  But without --expert, just
>> make an RSA (sign+certify) + RSA (encrypt) key, as is the default
>> today.
> I wonder whether a sign only key (and then being able to select between
> DSA or RSA) makes sense in non-expert mode.  What do you think?

Hmm.  I think it would be best to generate an encryption subkey as well.  I strongly suspect most people generating a key would need one, and doing it with one invocation of --gen-key is better than telling them to use --gen-key, then --edit-key to add an encryption subkey.

> Shall we add a line "For more options run gpg with --expert"?

I think that's a good idea, but giving this whole thing a bit of thought, perhaps not "--expert".  That is, make up some new option to show the full key generation list.  (Or even a different command: "--gen-key" vs "--gen-key-full" perhaps?)  The reason why I'm reluctant to use --expert is that it has a pretty defined meaning as the option that allows you to do dangerous / nonstandard / incompatible things.  Those things are useful to do, at times, but generating different key types doesn't really fall into any of those buckets.  I don't want --expert to be the standard way to do something "normal".

So, absolutely in favor of the concept of concealing the non-default options behind some new option, and by all means tell the user about this new option when generating keys, but I'd like to use something other than "--expert" as that new option.

