On Fri, 2013-09-13 at 17:54 -0400, Antoine Beaupré wrote:
> On 2013-09-13 17:04:04, Philip Jägenstedt wrote:
> > Hi,
> 
> Hi!
> 
> Thanks for your bug report.
> 
> > I have ask-cert-level in my gpg.conf since I use both levels 0 and 3.
> > Since monkeysign runs gpg with --batch the default level is used.
> > If one (temporarily) puts default-cert-level in gpg.conf one can
> > control which level will be used. However, there's no indication
> > while signing which level is used, and I very nearly sent off
> > signatures at the wrong level before I thought to double-check.
> 
> This does seem like a bug, although it seems to me that gpg should
> prompt us, as it already prompts us for a bunch of stuff when signing,
> regardless of --batch...

In the gnupg source tree file g10/keyedit.c it's clearly intentional
that it doesn't ask in batch mode, so I guess that's just the way it is.

> > I suppose one of these might solve the problem:
> >
> > 1. detect the presence of ask-cert-level in gpg.conf and prompt
> >    for it in ui.py (kind of icky)
> 
> indeed.
> 
> > 2. add a command line option to simply set the cert level
> 
> that seems like a good option.
> 
> > 3. always ask
> 
> i would be against that, although in another bug report, we discussed
> the possibility of adding commandline options to prompt for certain
> things. Then we could do --prompt=cert-level, for example.
> 
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720052 for that.
> 
> > I think I'd be able to implement any of these, if any of these
> > changes would be welcome.
> 
> #2 would indeed be welcome!

OK, I'll prepare a patch!

Philip
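
Because batch signing gives no indication of the level used, the result can be checked after the fact. The following is an added example (not part of the original message, and not monkeysign or GnuPG code) that reads `gpg --with-colons --check-sigs` output and reports the cert level of each certification made by a given key; the key IDs, user IDs and sample listing are constructed, and the function names are hypothetical.

```python
# Added example, not monkeysign or GnuPG code.
# OpenPGP certification signature classes 0x10-0x13 correspond to
# gpg cert levels 0-3 (RFC 4880, section 5.2.1).
SIG_CLASS_TO_LEVEL = {0x10: 0, 0x11: 1, 0x12: 2, 0x13: 3}

# Constructed sample of `gpg --with-colons --check-sigs` output.
SAMPLE = """\
pub:u:4096:1:1111111111111111:1379000000:::u:::scESC:
uid:u::::1379000000::::Alice Example <alice@example.org>:
sig:!::1:1111111111111111:1379000000::::Alice Example <alice@example.org>:13x:
sig:!::1:2222222222222222:1379109240::::Signer Example <signer@example.org>:10x:
uid:u::::1379000000::::Alice <alice@example.net>:
sig:!::1:2222222222222222:1379109240::::Signer Example <signer@example.org>:13x:
"""


def cert_levels(colon_output, signer_keyid):
    """Return (uid, level, exportable) for each certification by signer_keyid."""
    found, uid = [], None
    wanted = signer_keyid.upper()
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "uid") and len(f) > 9 and f[9]:
            uid = f[9]  # field 10: the user ID being certified
        elif f[0] == "sig" and len(f) > 10 and len(f[10]) >= 3:
            if not f[4].upper().endswith(wanted):
                continue  # field 5: key ID of the signer
            sig_class = int(f[10][:2], 16)  # field 11: class, e.g. "13x"
            if sig_class in SIG_CLASS_TO_LEVEL:
                level = SIG_CLASS_TO_LEVEL[sig_class]
                found.append((uid, level, f[10][2] == "x"))
    return found


def wrong_level(colon_output, signer_keyid, expected_level):
    """Certifications by signer_keyid whose level differs from expected_level."""
    return [c for c in cert_levels(colon_output, signer_keyid)
            if c[1] != expected_level]


if __name__ == "__main__":
    for uid, level, _ in wrong_level(SAMPLE, "2222222222222222", 3):
        print("level %d (expected 3) on %s" % (level, uid))
```

Running this against the signed key before mailing it out flags any user ID that was certified at a level other than the intended one.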
