[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Popcon-developers] Encrypted popcon submissions

On Thu, Jul 11, 2013 at 5:15 PM, Daniel Leidert <daniel.leidert@wgdd.de> wrote:
> Am Donnerstag, den 11.07.2013, 15:33 +0200 schrieb Bill Allombert:
> JFTR: The file secring.gpg can be avoided using
> --secret-keyring=/dev/null but I don't know how to suppress the creation
> of trustdb.gpg.

Note that you can't use that for all gpg commands, importing a (public) key
is e.g. not possible with this. You have to create an (empty) file in that
case as e.g. apt-key is doing it.

"Suppressing" trustdb.gpg is even harder as an empty file isn't accepted,
so you have to create a temporary directory gpg can store the file in
(apt-key doesn't as it eats quiet a bit of time if you have a few keys).

And then you have gpg editing keyrings at times ( #687611 ) even if you
just --list-keys which you might be able to stop with --no-auto-check-trustdb
(I haven't had the time to test that yet; and if it really works, I find the
 name a bit strange but I have stopped wondering about such things).

Ignoring time screws (--ignore-time-conflict) might or might not make sense
depending on how much the time is important for the application in general
(doesn't apply to popcon I guess, but in case someone else reads the thread).

Best regards

David Kalnischkies

Reply to: