use-tor should not imply allow-version-check
Steven Allen
steven at stebalien.com
Mon Jan 2 18:48:44 CET 2017
Werner Koch <wk at gnupg.org> writes:
> Right. The reason for the --allow-version-check option is that a GnuPG
> should not by default leak information (here an IP address running
> GnuPG). With Tor being enabled, all network access goes via Tor and
> thus nothing should leak.
That doesn't really explain why enabling tor *should* imply update
checks. I use a GNU/Linux distribution so I get all my updates through
my package manager. I'd rather not have any of my applications checking
for updates.
>> Note: These update checks are *not* made over TOR.
>
> They are.
Maybe it's not the update check? Dirmngr has been periodically opening
a direct TCP connections to 217.69.76.56 on port 443 even when `use-tor`
is specified in `~/.gnupg/dirmngr.conf` (according to my mandatory
access control system, Tomoyo).
More information about the Gnupg-devel
mailing list