On 08/05/2016 06:08 PM, Ian Jackson wrote:
> Could we not have gpg2 not only automatically launch the agent, but
> also automatically terminate it. This would provide the same UI and
> same persistence properties as gpg1.

Full ACK here, with the slight modification that the agent should only communicate with the gpg2 process that launched it.

I think that if an agent is wanted, the user should explicitly start it. I'd even be fine with Debian changing the defaults to autostart an agent in the background in login sessions, and documenting that, because that's at least explicit configuration. But autostarting something in the background and having it persist - I think that's a huge no-go, because of the surprise factor. (Plus in contrast to an agent started at login, process context is inherited, which could be a whole other can of worms for something persistent... There's a good reason why autolaunching the DBus session daemon when it's not already running has now been deprecated for quite some time.)

I've been using gpg2 explicitly for a while now (because gpg1 doesn't work with my YubiKey), and I didn't know that. In my case, it isn't a huge deal, because I do run an agent in the background anyway (and know of it), but I also have some scripts that call gpg internally with different GPGHOME (luckily at the moment still gpg1) and I would really not have expected the gpg calls to start an agent in the background.

Regards,
Christian