remap `--search` to `--locate-keys` (with warning)
Open, Normal, Public

Description

Over on T4591, there's some discussion about how --search is dangerously broken given the state of the SKS keyserver network.

This ticket documents a proposal to deprecate gpg --search.

I recommend having --search behave as though the user had done --locate-keys instead, and produce an additional warning to stderr.

dkg created this task. Jul 1 2019, 6:16 PM
werner claimed this task. Jul 1 2019, 7:31 PM
werner triaged this task as High priority.
ilf added a subscriber: ilf. Jul 1 2019, 7:31 PM
werner edited projects, added gnupg (gpg22); removed gnupg. Jul 3 2019, 5:58 PM

My plan is to let --search-key be the same as locate-key but without local lookups, thus it will be the same as

--auto-key-locate nodefault,clear,wkd,dane,keyserver --locate-key

with the akl list using whatever is configured or the default but without "local". This will also allow for a WKD refresh without typing all the options above. I would do that, at least in 2.2, only if a mail address has been given. If just a name is given, the old code path is used.

werner moved this task from Backlog to For next release on the gnupg (gpg22) board. Jul 3 2019, 6:01 PM
werner edited projects, added gnupg (gpg23); removed gnupg (gpg22). Jul 4 2019, 11:33 AM

I tried to implement this, but this is troublesome for other programs using the interface because a common pattern is to use --search-keys to get a listing and then use --recv-key to import the keys. That won't work and will require changes to --recv-key too. Thus this change will not go into 2.2. Anyway, it is not dangerous to have --search-keys because the new default for import from keyservers will be to strip all key-signatures.

For convenience a new command --locate-external-keys will be in 2.2 which does the --auto-key-locate dance.

werner lowered the priority of this task from High to Normal. Jul 4 2019, 3:23 PM
georg added a subscriber: georg. Jul 10 2019, 11:59 PM
steve added a subscriber: steve. Jul 22 2019, 12:07 AM