[PATCH] doc: clarify dirmngr use-tor documentation

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 3 16:50:01 CEST 2019


On Fri 2019-05-03 16:18:21 +0200, Werner Koch wrote:
> On Fri, 19 Apr 2019 10:21, dkg at fifthhorseman.net said:
>
>> reloading dirmngr wouldn't allow me to clear --use-tor.  Does that
>> mean i just need to restart dirmngr to clear --use-tor, instead of
>> reloading?  Is that a deliberate design decision, or an accident of
>> implementation?  If it's deliberate, what do i (as a user) gain from
>
> Right.  You need to restart dirmngr and it is not sufficient to SIGHUP
> it.  This is to make it extra hard to bypass Tor if it has been used
> before in this session.

Thanks for thinking about this!

This isn't "extra hard" though -- it just means "gpgconf --kill dirmngr"
instead of "gpgconf --reload dirmngr", right?  (or SIGTERM instead of
SIGHUP)

Is this marginal increase in "hardness" worth the additional confusion
and complexity in configuration?

    --dkg