Hello everyone! I'm new to this list, but this seems a very interesting topic to me.

2010/6/4 Micah Anderson <mi...@riseup.net>:
>
> 0 1 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1

Thanks for this wonderful idea. I update my keys every now and then, but it usually comes down to events like key signing parties. Which is, in fact, very seldom.

> It seems like the best solution would be to build into gnupg the functionality
> that is similar to the automatic trust database operation: have gpg auto-refresh
> from the configured keyserver periodically. There are some considerations that
> should be made here, such as how frequent should this refresh operation happen?
> Should it happen on every use, before the key is used? Should it happen just on
> the key(s) that the current operation is going to act on? What about network
> problems, such as no network at all, keyserver down, or slow? There should
> probably be a low timeout to not cause user annoyance, but also some sort of
> indication/warning that when a keyserver update could not be performed that the
> key is potentially out of date. Users should have the capability to configure in
> their gpg.conf a 'no-auto-refresh-keys' variable if they do not want this
> functionality. Perhaps even some sanity checking on the data that is coming in
> would be good to guard against gigabytes of data coming down.

Sounds good to me. Another consideration would be to pass this task to GUI frontends, like kleopatra or seahorse. A warning printed out by gpg would be a good idea, too. Also, there should be a severe warning if you sign a key which hasn't been updated for months (or so).

Looking forward to your opinions.

Regards,
Ben

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
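
The low timeout and the "keys may be out of date" warning discussed in this message, written as a wrapper for the cron job quoted above. This is an added example, not part of the original post or of GnuPG; the names STAMP, REFRESH_CMD, DEADLINE, MAX_AGE_DAYS, refresh_keys and keys_stale are hypothetical, and it assumes the coreutils `timeout` command is installed.

```shell
#!/bin/sh
# Added example: run `gpg --refresh-keys` under a deadline and track staleness.
# All variable and function names here are hypothetical, chosen for illustration.

STAMP="${STAMP:-$HOME/.gnupg/last-refresh}"       # epoch seconds of last good refresh
REFRESH_CMD="${REFRESH_CMD:-gpg --refresh-keys}"  # overridable for offline testing
DEADLINE="${DEADLINE:-60}"                        # seconds to wait for a slow keyserver
MAX_AGE_DAYS="${MAX_AGE_DAYS:-30}"                # older than this counts as stale

# Run the refresh under a hard deadline; record the time only on success,
# so a dead network or keyserver never makes the keyring look fresh.
refresh_keys() {
    if timeout "$DEADLINE" $REFRESH_CMD >/dev/null 2>&1; then
        date +%s > "$STAMP"
        return 0
    fi
    echo "warning: key refresh failed or timed out; keys may be out of date" >&2
    return 1
}

# Return 0 (stale) when no successful refresh is on record or it is too old.
keys_stale() {
    [ -r "$STAMP" ] || return 0
    ks_last=$(cat "$STAMP")
    case "$ks_last" in
        ''|*[!0-9]*) return 0 ;;                  # unreadable stamp counts as stale
    esac
    ks_now=$(date +%s)
    [ $(( ks_now - ks_last )) -gt $(( MAX_AGE_DAYS * 86400 )) ]
}

# Cron entry point: call the script with the single argument "run".
if [ "${1:-}" = "run" ]; then
    refresh_keys
    if keys_stale; then
        echo "warning: no successful key refresh in $MAX_AGE_DAYS days" >&2
        exit 1
    fi
fi
```

Because cron mails anything written to stderr, dropping the `> /dev/null 2>&1` from the crontab line lets these warnings reach the user.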