Working with a system-shared keyring

Doug Barton dougb at dougbarton.us
Tue Aug 9 18:51:56 CEST 2011


On 08/09/2011 02:38, Werner Koch wrote:
> On Fri, 10 Jun 2011 20:43, dougb at dougbarton.us said:
> 
>>> But fixes a lot of problems.  The keyring is a database and if we
>>> distribute this database to several files without a way to sync them;
>>> this leads to problems.  You may have not been affected by such problems
>>> but only due to the way you use gpg.
>>
>> Can you elaborate on those problems? I can think of several examples
>> of databases whose contents are stored in multiple files without any
>> difficulty, so I'm curious.
> 
> But in those cases the files are either under the control of the
> database or partitioned using a well defined scheme.  With the --keyring
> option this is different: You may add several keyrings to GnuPG and
> remove them later.  There is no way GPG can tell whether there are
> duplicates or which instances of a duplicated entry it needs to update.
> Sure, we could make this work but it will get really complex.  Thus
> it is far easier to have one file or set of files which are under the
> sole control of GPG.

Easier to code maybe. But I still maintain that losing the ability to
have multiple keyrings will be a significant loss of functionality for
the user. Significant enough for me that I would likely go back to the
1.4 branch (with regrets, since I like some of the functionality that is
provided in 2.x now).


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/



