command line parser doesn't fail closed on extraneous / unknown command line parameters

[adrelanos]

_extraneous_ command line parameters

This is confusing.

sudo tlsdate -w -V -n dtsxnd3ykn32ywv6.onion ; echo $?
Tue Oct 14 00:09:13 CEST 2014
0

Because one might think it really fetched time from dtsxnd3ykn32ywv6.onion (example: https://github.com/Whonix/Whonix/issues/351) while it actually fetched from tlsdate's default ptb.de, what one only finds out when using --verbose.

---

_unknown_ command line parameters

Also unknown command line parameters such as -y are ignored.

sudo tlsdate -w -V -n -y

tlsdate: invalid option -- 'y'
Tue Oct 14 00:11:18 CEST 2014

Although it's not silent, I think this is problematic when use in scripts.

---

I think both of those are small security/usability issues. Other *nix tools coming to my mind (ex: grep) report the error, break and exit with a specific exit code. Could you do the same for tlsdate please?

[ioerror]

I'm not really a fan of trying to guess every user's assumptions and
then giving an error when it doesn't match their assumptions. I think
that it reasonable to pass -H foo.com when the user wants to
override the default. /etc/tlsdate/tlsdated.conf makes the default
sync server easy to configure.

In an ideal world, users will run tlsdated and it will handle
everything automatically. It will take a while for us to get there -
but that is my eventual goal.

So in short - I don't think that I want to implement what you've
suggested right now. I'd consider a patch but I'm not too keen on
changing these semantics in the next release or two.