On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton <do...@dougbarton.us> wrote: >> BTW, this is another one of the reasons that I find the ability to have > multiple keyrings useful, and would very much miss that functionality if > it disappeared from gnupg 2.1.
I know Warner has said all this before, but I sometimes think that too few people chime in to say, "yes I agree". The problem with multiple keyrings is that they introduce all sorts of corner cases and unpredictable, ambiguous behaviour. And actually, gpg itself is very quick at handling even very large keyrings. I know that their removal would mean that some people have to adjust how they use gpg, but I am sure that the end of multiple keyrings would actually be for the best, and I think removing them is right thing to do. In fact, just as at the moment the handling of multiple files needs to be explicitly enabled, I would favour seeing an option to explicitly enable or disable multiple keyrings in the current versions, just because I think that unless users take particular care they can be harmful. I *do* see the uses for them. The debian keyring, for example is huge, and it is useful to be able to selectively include it or not in the gpg.conf file. But there more I've thought about this, the more I think that it would be better just to have entirely separate gpg home directories for this sort of purpose. For the case in question, there would be nothing to stop you having a home directory made specifically for a key-signing party, for example, importing your signing key into it and using it as your working directory. '--homedir', not multiple keyrings, seems to me to solve the problem addressed by multiple keyrings for almost all real-world cases. Best wishes, Nicholas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users