On Thu 2016-07-14 04:42:40 +0200, Jeffrey Stedfast wrote:
> Encrypting and Verifying should use --batch --yes from what I can
> tell. The other operations do not, probably because it broke gpg 1.x
> somehow (maybe --batch --yes was too aggressive in feeding "yes" to
> all requests for gpg's input requests?). Of course, it's also
> possible that I was over optimizing... If it's always safe to pass
> --batch --yes to gpg, then I have no problem enabling that code
> always.

it's always safe to pass --batch to gpg -- that's the expected situation
when calling it from other code where the process's stdio might not be
exposed to human supervision:

       --batch
       --no-batch
              Use batch mode. Never ask, do not allow interactive commands.
              --no-batch disables this option. Note that even with a filename
              given on the command line, gpg might still need to read from
              STDIN (in particular if gpg figures that the input is a detached
              signature and no data file has been specified). Thus if you do
              not want to feed data via STDIN, you should connect STDIN to
              ‘/dev/null’.

I'm not as sure about --yes, though. Since we don't know for sure what
questions are likely to be asked, it seems troubling to just assume that
the default is "yes". It would be nice for gpg to just make the right
choice under --batch and maybe feed us status information about what
questions it would have asked had it been able to do interactive
prompting, but i'm not sure how to do that.
In any case, i recommend "--batch" by default at least.
--dkg
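
An added example, not part of the message above and not GMime's code: one way a calling program can run a detached-signature check with --batch, STDIN connected to /dev/null, and no --yes, deciding from gpg's --status-fd output instead of prompts. The function names and the sample status lines are assumptions constructed for illustration.

```python
import os
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords gpg emits on --status-fd that must not count as a pass.
BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def build_verify_argv(sig_path, data_path, gpg="gpg"):
    """Non-interactive argv for a detached-signature check (no --yes)."""
    # Absolute paths so a file name starting with '-' is never read as an option.
    return [gpg, "--batch", "--no-tty", "--status-fd", "1",
            "--verify", os.path.abspath(sig_path), os.path.abspath(data_path)]


def parse_status(output):
    """Return (ok, keywords) from the machine-readable status lines."""
    seen = []
    for line in output.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                seen.append(fields[0])
    # Require an explicit good result; silence or a mixed result is a failure.
    ok = "GOODSIG" in seen and "VALIDSIG" in seen and not (BAD & set(seen))
    return ok, seen


def verify_detached(sig_path, data_path, timeout=30):
    """Run gpg unattended: STDIN is /dev/null, so it can never block on input."""
    proc = subprocess.run(build_verify_argv(sig_path, data_path),
                          stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, text=True, timeout=timeout)
    ok, seen = parse_status(proc.stdout)
    return ok and proc.returncode == 0, seen


# Constructed sample status output (not captured from a real run).
SAMPLE_GOOD = ("[GNUPG:] NEWSIG\n"
               "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
               "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2016-07-14\n")
SAMPLE_BAD = ("[GNUPG:] NEWSIG\n"
              "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>\n")
```
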