On Wed, 21 Aug 2013 at 10:40:38 -0400, Joey Hess wrote:
> caff seems to have its own hard-coded list of keyservers, rather than using
> the same ones I have gpg configured to use. This seems a gratuitous
> duplication of configuration.

An alternative would be to grep ~/.gnupg/gpg.conf for ‘keyserver’ and
‘keyserver-options’ (which can be required if the keyserver is behind a proxy
for instance) and thread them through each call to gpg.  However it's a bit
ugly IMHO, and might not be desirable as some people may want to use a specific
keyserver for massive signing homework.

Perhaps caff should grep for ‘keyserver’ in ~/.caff/gnupghome/gpg.conf instead,
and fall back to ‘--keyserver pool.sks-keyservers.net’ *only* if the user
didn't specify anything in the configuration file? (Still a bit ugly, but I
can't find another way to achieve backward compatibility.)  That way if you
don't want to duplicate the configuration you could always symlink the files
;-)

> Even once I've manually imported the keys I want to sign, and run caff
> with --keys-from-gnupg (which remains misdocumented for > 1 year?!),
> it fails:
> […]

The current behavior is that unless ‘$CONFIG{'no-download'}’ is set (it isn't
by default) keys are automatically refreshed against the ‘$CONFIG{keyserver}’
(defaults to pool.sks-keyservers.net).  I guess these keys weren't exported to
the keyserver your caff ended up talking to, right?

Cheers,
-- 
Guilhem.
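
The two alternatives discussed in this message, as an added Python sketch that is not part of the original e-mail and is not caff's code (caff is written in Perl). The function names and the sample configuration are hypothetical; the sketch parses option names exactly, so a commented-out line or a ‘keyserver-options’ line is not mistaken for a ‘keyserver’ setting the way a plain grep would.

```python
FALLBACK_KEYSERVER = "pool.sks-keyservers.net"  # default named in the message


def parse_gpg_conf(text):
    """Return (keyserver, [keyserver-options values]) from gpg.conf text."""
    keyserver, options = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "# keyserver ..." must not count
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue  # option name without a value
        name, value = fields[0], fields[1].strip()
        if name == "keyserver":  # exact match, so not "keyserver-options"
            keyserver = value  # assumption of this sketch: last entry wins
        elif name == "keyserver-options":
            options.append(value)
    return keyserver, options


def threaded_args(user_conf_text):
    """First alternative: thread the settings from ~/.gnupg/gpg.conf
    through each call to gpg."""
    keyserver, options = parse_gpg_conf(user_conf_text)
    args = ["--keyserver", keyserver] if keyserver else []
    for value in options:
        args += ["--keyserver-options", value]
    return args


def fallback_args(caff_conf_text):
    """Second alternative: add the pool only if ~/.caff/gnupghome/gpg.conf
    names no keyserver (assumption: gpg reads that file itself)."""
    keyserver, _ = parse_gpg_conf(caff_conf_text)
    return [] if keyserver else ["--keyserver", FALLBACK_KEYSERVER]


# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# keyserver hkp://old.example.org
keyserver-options http-proxy=http://proxy.example.org:3128
keyserver hkps://keys.example.org
"""

if __name__ == "__main__":
    print(threaded_args(SAMPLE_CONF))
    print(fallback_args(SAMPLE_CONF))
    print(fallback_args("# keyserver hkp://old.example.org\n"))
```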
