Re: [Tails-dev] gnupg keyserver-options http-proxy value?

Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] gnupg keyserver-options http-proxy value?
On 18/03/15 21:59, Daniel Kahn Gillmor wrote:
> Hi folks--
>
> I was looking at an old Tails instance i've had around for a while with
> a persistence volume containing ~/.gnupg from back around tails 0.21 or
> so.
>
> i found that talking to the keyservers via "gpg --search dkg" was
> failing.
>
> Looking deeper, i noticed that ~/.gnupg/gpg.conf contained:
>
> keyserver-options http-proxy=http://localhost:8118/
>
> When i changed that to:
>
> keyserver-options http-proxy=socks5://localhost:9050/
>
> Then keyserver searches started working again. It looks to me like that
> value has been there for a long time, though.
>
> Has something changed in tails that would make this value need to
> change?


Yes, we made the switch in Tails 1.2.1, although the old configuration
should have worked until Tails 1.2.3. In Tails 1.3 we removed Polipo
completely, so since then the old configuration wouldn't work at all.

> how do we deal with upgrading configurations stored in
> persistnece across Tails upgrades?


So far we've been documenting required steps in the release notes. For
instance, for this particular change we had this:

    https://tails.boum.org/news/version_1.2.1/#index3h1


It's true that this puts a lot of responsibility on the users. An
automated way to detect changes in a persistent configuration that
probably should be changed + easy UX for users to decide would be nice,
perhaps something like Debian Conffile diff handling when updating a
package (but with a GUI) would do. However, automatically detecting such
changes doesn't look easy at first glance, but proposals for how it can
be done reliably are welcome. :)

Cheers!