gpg's --keyserver option should be more robustly deprecated
Open, LowPublic

Description

ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac intended to deprecate the --keyserver option for gpg way back in 2.1.9. The stated preference on the gnupg-devel mailing list is to use the keyserver option for dirmngr. and it's not strictly necessary today because gpg ships with a reasonable default keysever.

But g10/keyserver.c contains a warning message "(use option --keyserver)" in some circumstances.

This should be cleaned up if we're serious about deprecating gpg --keyserver.

Note that T4466 also refers to cleaning up the documentation about --keyserver in gpg(1).

dkg created this task.May 14 2019, 12:49 AM
dkg updated the task description. (Show Details)May 14 2019, 7:42 AM
werner closed this task as Resolved.May 14 2019, 8:38 AM
werner claimed this task.
werner added a subscriber: werner.

I removed this specialized error message. Thanks for reporting.

dkg reopened this task as Open.Jun 8 2019, 5:29 AM
dkg added a subscriber: Valodim.

thanks for fixing that error message, @werner. As @Valodim points out in discusson about hagrid, a gpg.conf keyserver option (deprecated according to the documentation) overrides the dirmngr.conf keyserver option (not deprecated according to the documentation.

Is the gpg.conf option really deprecated? if so, why? and why does a deprecated option supercede a non-deprecated one?

I can understand why a command-line --keyserver option would be expected to override all config file keyserver options (command line arguments are expected to override configuration files), but this situation is pretty confusing and opaque for someone who doesn't already understand the GnuPG architecture and the history of the project.

How can we align the documentation and the implementation in a way that tells a simple and clear story to a user just trying to figure out what to do?

werner triaged this task as Low priority.Jun 8 2019, 10:40 AM

We need --keyserver in gpg for just one reason: backward compatibility.

dkg added a comment.Jun 18 2019, 2:56 AM

If we only need it for backward compatibility, then the configuration in gpg.conf should *not* be overriding the preferred, forward-looking form of the configuration (in dirmngr.conf). If it is low priority to fix this, then there will be a generation of GnuPG users and toolchains which deliberately configure the value in gpg.conf instead of dirmngr.conf because they'll know that's the more robust way to do it.

If you're serious about deprecation, you need to make the preferred form of the configuration more powerful.

pert added a subscriber: pert.Jul 2 2019, 1:54 AM

Given the recent problems with the keyservers, I expect that the keyserver feature will go away anyway and thus I do not think we will put any more effort into this. Thus I re-tag this as gpg 2.3.