On Sat 2016-08-06 02:24:24 -0400, Paul Wise wrote:
> On Sat, Aug 6, 2016 at 12:41 AM, Daniel Kahn Gillmor wrote:
>
>> There are good reasons to want to have the agent running over time and
>> not terminating with the individual invocations of gpg1. In particular,
>> passphrase caching and smartcard management are useful features.
>
> I noticed after upgrading gnupg to experimental and monkeysphere to
> unstable, monkeysphere now has gpg-agent processes running as root:
>
> $ pgrep -a gpg | grep -i monk
> 27043 gpg-agent --homedir /var/lib/monkeysphere/authentication/core
> --use-standard-socket --daemon
> 27061 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere
> --use-standard-socket --daemon

It makes sense that this would happen, as monkeysphere-authentication
does use secret key material for maintaining its list of system
authenticators. If you think this is a problem, please open a bug
report against the monkeysphere package and we'll see what we can do
about it.

>> systemctl --user enable dirmngr
>
> BTW, does this make parcimonie obsolete? I noticed that dirmngr
> suggests tor and the gnupg package in experimental still suggests
> parcimonie.

Nope, not yet. dirmngr doesn't currently do automated ongoing key
refreshes. It would be great if it did, but that's probably something
to work on with dirmngr upstream. See:

https://bugs.gnupg.org/gnupg/issue1827

I know there's some ongoing work on this by other folks too. If you (or
anyone) are interested, please follow up with me off-list about where
that stands.

Happy hacking,

--dkg