http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4790
Summary: sa-update should not use ~/.gnupg
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: major
Priority: P5
Component: Tools
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
The more I think about it, and the more I use it, the less happy I am with
sa-update using the user's own keyring to verify update package integrity.
1. RPM and apt all take the approach of using their own GPG keyrings to track
signing keys.
2. Interaction with ~ is troublesome when tools like "sudo" are used, since
"sudo" uses the caller's home dir (e.g. if jm runs "sudo sa-update", the
keyring in "/home/jm/.gnupg" is used.) This means that different users using
"sudo sa-update" may see different results.
I propose that we
1. establish a new directory under the local_rules_dir (/etc/mail/spamassassin)
which holds the keyring
2. provide an "sa-update" switch to import new keys using "gpg --import"
3. (optionally) provide a default key in /usr/share/spamassassin , which
"sa-update" will auto-import if the keyring doesn't already exist.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
