RFE: --update-before-use

Robert J. Hansen rjh at sixdemonbag.org
Thu Jun 14 19:48:51 CEST 2012

Currently, users have a public keyring containing certificates acquired 
from many different sources.  These certificates are often out of date, 
sometimes in minor ways, sometimes in large ones.  Since many users now 
have always-on and fairly reliable internet connectivity, perhaps it 
makes sense to add a new option: "update-before-use" (and its 
corresponding "no-update-before-use").

This option would only be effective if a --keyserver option is also in use.

When the update-before-use option is in effect, GnuPG will, before any 
encryption or verification, attempt to download the latest version of 
that certificate from the keyserver.  If one cannot be downloaded, GnuPG 
will display a warning message and continue to encrypt and/or verify 
using the certificate on the local keyring.

We already have something similar to this in --auto-key-retrieve, and 
the same warnings about that option probably also apply here.  The 
principal difference would seem to be that auto-key-retrieve only 
fetches certificates that are not on the local keyring, while 
update-before-use would always fetch certificates.

Thoughts?  Objections?  "Sounds good, now write the patch?"
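
The behaviour proposed above can be approximated today with options gpg already has; the following wrapper is an added example, not part of the original post and not GnuPG code. The function names, the GPG and KEYSERVER variables and the keyserver URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approximates the proposed update-before-use behaviour
# with options gpg already has. Function names are hypothetical.
GPG="${GPG:-gpg}"                                   # gpg binary to call
KEYSERVER="${KEYSERVER:-hkps://keyserver.example}"  # placeholder URL

# refresh_key KEYID: fetch the latest copy of a certificate that is
# already on the local keyring. Returns 1 after a warning on failure.
refresh_key() {
    if "$GPG" --batch --keyserver "$KEYSERVER" --refresh-keys "$1" >/dev/null 2>&1
    then
        return 0
    fi
    echo "warning: refresh of $1 from $KEYSERVER failed, using local copy" >&2
    return 1
}

# encrypt_updated RECIPIENT FILE: refresh the recipient, then encrypt
# whether or not the refresh succeeded.
encrypt_updated() {
    refresh_key "$1" || true
    "$GPG" --batch --encrypt --recipient "$1" "$2"
}

# signer_keyid SIG [DATA]: print the signing key ID from gpg's status
# lines. Only statuses that imply the key is held locally are matched.
signer_keyid() {
    "$GPG" --batch --status-fd 1 --verify "$@" 2>/dev/null |
        awk '$1 == "[GNUPG:]" &&
             $2 ~ /^(GOODSIG|BADSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { print $3; exit }'
}

# verify_updated SIG [DATA]: refresh the signer's certificate, then
# verify again so the result reflects the updated certificate.
verify_updated() {
    kid=$(signer_keyid "$@")
    if [ -n "$kid" ]; then
        refresh_key "$kid" || true
    fi
    "$GPG" --batch --verify "$@"
}
```

Each refresh is a keyserver request, so the keyserver operator can see which certificate is about to be used and when.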
