[Freedombox-discuss] Key Report Published
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> cool, i'm glad to see this work happening! looking at the code, it
> seems to be trying to parse the human-readable output of gpg. that way
> lies madness (and failure, esp. when the locale changes).
>
> You probably want to pass gpg the --fixed-list-mode and --with-colons
> options and parse the machine-readable data as described in
> /usr/share/doc/gnupg/DETAILS.gz
Thanks for pointing me to the details, I've cleaned that up. It was one
of those I-know-it's-wrong-but-it's-better-written-than-not moments, that
should be fixed.
> Also: checking for primary key expiration is different from checking
> for subkey expiration, and both are different from checking for
> certification expiration. A comprehensive key-report tool might want
> to consider all of those possible forms of expiration.
Right now, it doesn't differentiate between primary and subkeys. If
it's going to expire, we'll tell you it's going to expire. I don't
think that's a simplification that might lead to bad behavior, but I'd
appreciate your thoughts on that.
> in particular, key-report should probably highlight pending (or
> recently-past) expirations that the user can actually do something
> about. (e.g. expirations of keys that the user controls the secret
> key material for, or of certifications issued by the user).
Those'll be highlighted, but right now we don't differentiate between
owned and un-owned keys. Yeah, expiring owned (secret-key material
available) keys should be highlighted.
> another feature idea: key-report might also want to facilitate the
> refresh of soon-to-expire keys from the keyservers.
I'd also like it to understand transition statements, but I haven't even
given thought as to *how* to do that. There're lots of unknowns there.
> Thanks for building this tool, Nick!
No problem, happy to!
Nick
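
Added example, not part of the original message or of the key-report tool: one way to read expirations from the `--with-colons --fixed-list-mode` output discussed in this thread, separating primary keys from subkeys and flagging keys whose secret material is present. The listings, key IDs, timestamps and function names are constructed for illustration; certification (sig record) expiry is not covered.

```python
import time

# Constructed sample of `gpg --list-keys --with-colons --fixed-list-mode`
# output; key IDs, user IDs and timestamps are made up for this example.
PUBLIC_LISTING = """\
tru::1:1375660800:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1343779200:1376006400::u:::scESC:
uid:u::::1343779200::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1343779200:1375488000:::::e:
pub:f:2048:1:CCCCCCCCCCCCCCCC:1300000000:1376265600::-:::scESC:
uid:f::::1300000000::1111111111111111111111111111111111111111::Bob Example <bob@example.org>:
sub:f:2048:1:DDDDDDDDDDDDDDDD:1300000000::::::e:
"""
# Constructed sample of `gpg --list-secret-keys --with-colons --fixed-list-mode`.
SECRET_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1343779200:1376006400::u:::scESC:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1343779200:1375488000:::::e:
"""
DAY = 86400

def key_records(listing, types):
    """Yield (record_type, keyid, expiry_or_None) for the given record types."""
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in types and len(f) >= 7:
            # Field 5 is the key ID; field 7 is the expiration time (assumed
            # here to be seconds since the epoch), empty if the key never expires.
            yield f[0], f[4], int(f[6]) if f[6] else None

def expiry_report(public, secret, now, ahead_days=30, past_days=14):
    """List keys expiring soon or recently expired, owned keys first."""
    owned = {keyid for _, keyid, _ in key_records(secret, {"sec", "ssb"})}
    report = []
    for rtype, keyid, expires in key_records(public, {"pub", "sub"}):
        if expires is None:
            continue
        days_left = (expires - now) // DAY
        if -past_days <= days_left <= ahead_days:
            report.append({"keyid": keyid, "days_left": days_left,
                           "kind": "primary" if rtype == "pub" else "subkey",
                           "owned": keyid in owned})
    # Keys the user holds secret material for come first, then soonest expiry.
    report.sort(key=lambda r: (not r["owned"], r["days_left"]))
    return report

if __name__ == "__main__":
    for row in expiry_report(PUBLIC_LISTING, SECRET_LISTING, int(time.time())):
        print(row)
```

Parsing field positions rather than labels keeps the result independent of the locale, which is the failure mode raised above for the human-readable output.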