heiko/gpg-publish
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases 3 Packages Wiki Activity Actions

Consider adding no-export-attributes to gpg export options #1

New issue
Open
opened 2026-05-09 12:27:49 +02:00 by heiko · 1 comment
heiko commented 2026-05-09 12:27:49 +02:00
Owner
Copy link

Context

When fetching a key from the local GPG keyring, we currently use:

gpg --export --export-options export-minimal <email>

Adding no-export-attributes would additionally strip User Attributes (photos, etc.) at the GPG level before our programmatic stripping runs.

Size comparison (hs@schlittermann.de key)

Option Size
full (no options) 72,282 bytes
export-clean 25,196 bytes
export-minimal 24,048 bytes
export-minimal,no-export-attributes 18,666 bytes

Trade-offs

Pro: ~5KB smaller input before programmatic stripping. Less data to parse.

Con: Our stripKey() already discards User Attributes programmatically (and warns about them). Adding no-export-attributes at the GPG level means those warnings would no longer appear for keyring lookups — the attributes are silently gone before we see them. This could be confusing if a user expects to see what was stripped.

Decision needed

Should we add no-export-attributes to the GPG export options, accept the silent stripping, and potentially lose the warning? Or keep the current behavior where attributes are stripped programmatically with an explicit warning?

## Context When fetching a key from the local GPG keyring, we currently use: ``` gpg --export --export-options export-minimal <email> ``` Adding `no-export-attributes` would additionally strip User Attributes (photos, etc.) at the GPG level before our programmatic stripping runs. ## Size comparison (hs@schlittermann.de key) | Option | Size | |--------|------| | full (no options) | 72,282 bytes | | `export-clean` | 25,196 bytes | | `export-minimal` | 24,048 bytes | | `export-minimal,no-export-attributes` | 18,666 bytes | ## Trade-offs **Pro:** ~5KB smaller input before programmatic stripping. Less data to parse. **Con:** Our `stripKey()` already discards User Attributes programmatically (and warns about them). Adding `no-export-attributes` at the GPG level means those warnings would no longer appear for keyring lookups — the attributes are silently gone before we see them. This could be confusing if a user expects to see what was stripped. ## Decision needed Should we add `no-export-attributes` to the GPG export options, accept the silent stripping, and potentially lose the warning? Or keep the current behavior where attributes are stripped programmatically with an explicit warning?
heiko commented 2026-05-22 11:38:38 +02:00
Author
Owner
Copy link

AI attribution comment added per repository instruction for this open issue.\n\n(co)authored by ai:gpt-5-codex

AI attribution comment added per repository instruction for this open issue.\n\n(co)authored by ai:gpt-5-codex
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
restructure-library-package
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
heiko/gpg-publish#1
No description provided.