On 2025-10-10 Steve McIntyre <[email protected]> wrote: > Package: gpg-agent > Version: 2.4.8-3 > Severity: important
> Hi! > I'm using gpg-agent to store passphrases for a software-signing server > at Pexip. We've been doing this for quite some time, and it has worked > well until now. With the upgrade to Trixie, things have broken. :-( > I've debugged and found the problem: something has changed in the > handling of the "max-cache-ttl" value for gpg-agent and it now breaks > on values which are > 2^31. > We've been using > max-cache-ttl 4294967295 > (i.e. 2^32 - 1) in our config previously, so as to keep passphrases > cached for a very long time. This worked just fine. Since the upgrade, > testing showed that passphrases were being expired *immediately* after > being preset. [...] Hello Steve, Is this on a specific arch? I just tried this on amd64/forky: testit@argenau:~$ rm -rf ~/.gnupg/ testit@argenau:~$ gpg --quick-generate-key [email protected] testit@argenau:~$ echo 'max-cache-ttl 7000000000' > ~/.gnupg/gpg-agent.conf testit@argenau:~$ killall gpg-agent testit@argenau:~$ echo blah > /tmp/foo testit@argenau:~$ rm -f /tmp/foo.gpg && gpg --sign /tmp/foo # and a second time testit@argenau:~$ rm -f /tmp/foo.gpg && gpg --sign /tmp/foo And I thought I would have to re-enter the passphrase when signing the 2nd time but that did not happen. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
