Bug#594907: ITP: kspsig -- Key Signing Party signature verification tool
On 08/30/2010 04:34 PM, Joerg Jaspert wrote:
> And this needs an own package because of ________________________
>
> Sounds like it should be in signing-party instead.
Indeed it very well may want to be part of signing-party when
it grows up... The primary rationale for it being separate now
includes:
1. As this tool is making assertions about signature strength which
important to our web of trust it is recommended that this
tool get peer testing and review on it's own (as to avoid
versioning signing-party at this early stage).
2. It has been suggested that the correct implementation of
this tool is to read the keyring directly -- instead of using
gpg -- in which case the implementation may change significantly.
If these goals should be accomplished without creating a
separate package I would be happy to pursue that approach.
Respectfully,
--Tom
Reply to: