Re: Bug#273756: ITP: gpgmailsign -- sign and mail gnupg keys
Re: Rob Bradford in <[🔎] 20040930111305.GD3823@ares.internal.robster.org.uk>
> > This script takes PGP/GnuPG keys keys, strips off non-self signatures, and
> > signs. Each UID is signed separately, encrypted, and mailed to the email
> > address in the UID to check the validity of the address.
> > .
> > http://www.df7cb.de/projects/gpgmailsign/
>
> In my opinion I don't think this package should be included, since it is only a
> small script and their are lots of complicated trust issues involved. I suggest
> you make sure that someone can just pop the perl script into ~/bin/ and it
> should just work. Many people have made their own versions of this script and I
> don't think it would be right to include one in the archive. In my opinion this
> is unreasonable bloat given that the archive is already bulging at the seams.
Hi,
it's not that simple. The gnupg interface is hard to work with, and
gpgmailsign needs expects scripts besides the main perl script. Besides
that, the ~/bin/ argument applies more or less to every
"unpack-configure-make-make_install" package. (Of course gpgmailsign's
install path needs to be rewritten before I'll package it.)
Afaik, Debian currently does not include any package that provides that
functionality; the only other I know of (caff by Peter Palfrader) needs
an experimental+patched gnupg version to work, so I still think
gpgmailsign should be packaged.
I tried to write it in such a way that the user can check the messages
that get sent out before if he wants to, so no undesired signatures leak
out.
Christoph
--
cb@df7cb.de | http://www.df7cb.de/
Reply to: