
remap `--search` to `--locate-keys` (with warning)
Status: Closed, Wontfix (Public)

Description

Over on T4591, there's some discussion about how --search is dangerously broken given the state of the SKS keyserver network.

This ticket documents a proposal to deprecate gpg --search.

I recommend having --search behave as though the user had done --locate-keys instead, and produce an additional warning to stderr.

Details

Version: 2.2.16

Event Timeline

werner triaged this task as High priority.

My plan is to let --search-key be the same as locate-key but without local lookups; thus it will be the same as

--auto-key-locate nodefault,clear,wkd,dane,keyserver --locate-key

with the akl list using whatever is configured or the default, but without "local". This will also allow for a WKD refresh without typing all the options above. I would do that, at least in 2.2, only if a mail address has been given. If just a name is given, the old code path is used.

I tried to implement this, but this is troublesome for other programs using the interface, because a common pattern is to use --search-keys to get a listing and then use --recv-key to import the keys. That won't work and will require changes to --recv-key too. Thus this change will not go into 2.2. Anyway, it is not dangerous to have --search-keys, because the new default for import from keyservers will be to strip all key-signatures.

For convenience a new command --locate-external-keys will be in 2.2 which does the --auto-key-locate dance.

werner lowered the priority of this task from High to Normal. (Jul 4 2019, 3:23 PM)