Page MenuHome GnuPG
Create Task
Maniphest T4512

gpg's --keyserver option should be more robustly deprecated
Open, LowPublic
Actions

Description

ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac intended to deprecate the --keyserver option for gpg way back in 2.1.9. The stated preference on the gnupg-devel mailing list is to use the keyserver option for dirmngr. and it's not strictly necessary today because gpg ships with a reasonable default keysever.

But g10/keyserver.c contains a warning message "(use option --keyserver)" in some circumstances.

This should be cleaned up if we're serious about deprecating gpg --keyserver.

Note that T4466 also refers to cleaning up the documentation about --keyserver in gpg(1).

Details

Version
2.2.15

Revisions and Commits

rG GnuPG
rG8d645f1d1f2b gpg: Do not print a hint to use the deprecated --keyserver option.
rG7102d9b798b0 gpg: Do not print a hint to use the deprecated --keyserver option.

Related Objects

Event Timeline

dkg created this task.May 14 2019, 12:49 AM
dkg mentioned this in T4513: dirmngr should try the configured keyservers anyway even if they are all dead.May 14 2019, 12:54 AM
dkg updated the task description. (Show Details)May 14 2019, 7:42 AM
werner added a commit: rG7102d9b798b0: gpg: Do not print a hint to use the deprecated --keyserver option..May 14 2019, 7:56 AM
werner added a commit: rG8d645f1d1f2b: gpg: Do not print a hint to use the deprecated --keyserver option..May 14 2019, 8:38 AM
werner closed this task as Resolved.May 14 2019, 8:38 AM
werner claimed this task.
werner added a subscriber: werner.

I removed this specialized error message. Thanks for reporting.

werner mentioned this in T4509: Release GnuPG 2.2.16.May 28 2019, 5:08 PM
dkg reopened this task as Open.Jun 8 2019, 5:29 AM
dkg added a subscriber: Valodim.

thanks for fixing that error message, @werner. As @Valodim points out in discusson about hagrid, a gpg.conf keyserver option (deprecated according to the documentation) overrides the dirmngr.conf keyserver option (not deprecated according to the documentation.

Is the gpg.conf option really deprecated? if so, why? and why does a deprecated option supercede a non-deprecated one?

I can understand why a command-line --keyserver option would be expected to override all config file keyserver options (command line arguments are expected to override configuration files), but this situation is pretty confusing and opaque for someone who doesn't already understand the GnuPG architecture and the history of the project.

How can we align the documentation and the implementation in a way that tells a simple and clear story to a user just trying to figure out what to do?

werner triaged this task as Low priority.Jun 8 2019, 10:40 AM

We need --keyserver in gpg for just one reason: backward compatibility.

dkg added a comment.Jun 18 2019, 2:56 AM

If we only need it for backward compatibility, then the configuration in gpg.conf should *not* be overriding the preferred, forward-looking form of the configuration (in dirmngr.conf). If it is low priority to fix this, then there will be a generation of GnuPG users and toolchains which deliberately configure the value in gpg.conf instead of dirmngr.conf because they'll know that's the more robust way to do it.

If you're serious about deprecation, you need to make the preferred form of the configuration more powerful.

pert added a subscriber: pert.Jul 2 2019, 1:54 AM
werner edited projects, added gnupg (gpg23); removed gnupg (gpg22), dirmngr.Jul 4 2019, 5:15 PM

Given the recent problems with the keyservers, I expect that the keyserver feature will go away anyway and thus I do not think we will put any more effort into this. Thus I re-tag this as gpg 2.3.

Mikaela added a subscriber: Mikaela.Feb 19 2020, 1:38 PM
werner added a project: gnupg24.Dec 13 2022, 11:21 AM