Re: [Popcon-developers] Encrypted popcon submissions
On Thu, Jul 11, 2013 at 5:15 PM, Daniel Leidert <firstname.lastname@example.org> wrote:
> Am Donnerstag, den 11.07.2013, 15:33 +0200 schrieb Bill Allombert:
> JFTR: The file secring.gpg can be avoided using
> --secret-keyring=/dev/null but I don't know how to suppress the creation
> of trustdb.gpg.
Note that you can't use that for all gpg commands, importing a (public) key
is e.g. not possible with this. You have to create an (empty) file in that
case as e.g. apt-key is doing it.
"Suppressing" trustdb.gpg is even harder as an empty file isn't accepted,
so you have to create a temporary directory gpg can store the file in
(apt-key doesn't as it eats quiet a bit of time if you have a few keys).
And then you have gpg editing keyrings at times ( #687611 ) even if you
just --list-keys which you might be able to stop with --no-auto-check-trustdb
(I haven't had the time to test that yet; and if it really works, I find the
name a bit strange but I have stopped wondering about such things).
Ignoring time screws (--ignore-time-conflict) might or might not make sense
depending on how much the time is important for the application in general
(doesn't apply to popcon I guess, but in case someone else reads the thread).