On 17-08-14 09:50 PM, Duane Whitty wrote:
>
>
> On 17-08-14 08:50 PM, Daniel Kahn Gillmor wrote:
>> On Mon 2017-08-14 19:03:19 -0300, Duane Whitty wrote:
>>> I did not and still do not want to import the oracle_vbox
>>> public key into my key ring. I am happy to download it and
>>> check it each time.
>
>> I think this is an interesting choice, but i don't understand
>> why you've made it. Can you say more about why you don't want
>> to import the key, and why you prefer to fetch it each time?
>
> I perceive keys in my keyring as being ones I trust because of
> out-of-band confirmation and used for two-way communications. I
> think the VirtualBox key is just to give people assurance that they
> are downloading what they intended to download from the source
> they expected, in this case via apt or apt-get, etc. from an Oracle
> repo.
>
>
>>> Before I go down the road on offering an opinion on how the
>>> man page should be "fixed" (maybe it's not really broken) can
>>> you explain why it would be bad to let gpg generate and display
>>> the fingerprint of a key in an ascii armoured file?
>
>> I'm not saying it's "bad" -- it's just not what --fingerprint
>> does.
>
>> --fingerprint
>>        List all keys (or the specified ones) along with their
>>        fingerprints. This is the same output as --list-keys but
>>        with the additional output of a line with the fingerprint.
>>        May also be combined with --list-signatures or
>>        --check-signatures. If this command is given twice, the
>>        fingerprints of all secondary keys are listed too. This
>>        command also forces pretty printing of fingerprints if the
>>        keyid format has been set to "none".
>
>> So it's like --list-keys, which says:
>
>> --list-keys
>> -k
>> --list-public-keys
>>        List the specified keys. If no keys are specified, then
>>        all keys from the configured public keyrings are listed.
>
>
>> in other words (or maybe it's not as explicitly stated as it
>> should be), "list all the keys in your keyring that match the
>> specification". This command is not intended for listing
>> fingerprints of keys that come in on stdin, or of an external
>> file.
>
> To me that reads as "if you provide a key then the fingerprint for
> that key will be provided otherwise your keyring will be used".
> Thanks for correcting my understanding.
>
>> That said, you could combine it with:
>
>> --no-default-keyring --keyring /path/to/file.gpg
>
>> (as long as the file wasn't ascii-armored, and as long as you
>> weren't concerned about updating your trustdb by accident, etc).
>
>> Again, i'm not saying this is particularly user-friendly, i'm just
>> trying to help you understand the current state of the tool.
>
>> If you have specific suggestions for how to improve the tool,
>> please suggest them!
>
>> --dkg
>
>
> I'm not exactly sure what a good suggestion would be. Would it be
> correct to say that going forward usability changes would probably
> be more likely to happen in the 2.1 branch? If so I guess I
> should upgrade to the 2.1 branch.
>
> I can say that what I usually end up being challenged by is
> importing keys into my keyring and on being able to choose which
> UID I want to sign with. Maybe that just means I don't know the
> software well enough.
>
> For instance, last night I wanted to add a friend's new public key
> to my keyring. Gpg wouldn't add the key based on his email. I had
> to use his email to search the key server and then use the
> fingerprint of his new key to add it to my keyring.
>
> The approach I took was "gpg2 --search u...@domain.com" and "gpg2
> --recv-keys key-fingerprint". Then I did a "gpg2 --edit-key
> key-fingerprint" to sign the key with my default UID. I thought I
> would get a menu to select options from when I used --edit-key but
> instead I was presented with the prompt "gpg>" and I had to type
> the sign command. It worked but I might have chosen to sign the
> key with a key from a different UID. Not sure if my method of
> importing to my keyring and signing the new public key was the
> usual or easiest method but it worked.
>
> Not sure there's actually a suggestion for improvement in there
> :-) but you've given me a lot to consider and digest. Sincerely,
> thanks! I love learning this stuff.
>
>
> Best Regards, Duane
>
>

Actually one suggestion, the way options and commands are specified
looks the same. It might make things clearer if there was a
difference in the way they are expressed on the command line.
Perhaps keep the "--" for options and enter commands without the
"--".

Best Regards,
Duane

--
Duane Whitty
du...@nofroth.com
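
The thread's question, showing the fingerprint of a key held in an ASCII-armored file without importing it, is worked below as an added example; it is not code from either poster or from GnuPG. It decodes the armor in memory and computes the version 4 fingerprint as RFC 4880 section 12.2 defines it (SHA-1 over 0x99, a two-octet length, and the public-key packet body); the sample "key" is constructed filler, and `armor()`, `SAMPLE_BODY` and `SAMPLE` are names made up for the illustration.

```python
import base64, hashlib, struct
BEGIN, END = (f"-----{w} PGP PUBLIC KEY BLOCK-----" for w in ("BEGIN", "END"))

def crc24(data):  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):  # decodes in memory; no keyring or trustdb is touched
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index(BEGIN) + 1:lines.index(END)]
    body = body[body.index("") + 1:]  # armor headers end at the blank line
    crc = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    if crc and int.from_bytes(base64.b64decode(crc[1:]), "big") != crc24(data):
        raise ValueError("armor CRC24 mismatch")
    return data

def first_packet(data):  # returns (tag, body) of the first packet
    hdr = data[0]
    if hdr & 0x40:  # new-format header: one- or two-octet length
        tag, n = hdr & 0x3F, data[1]
        if n >= 224: raise ValueError("unsupported new-format length")
        length, off = (n, 2) if n < 192 else (((n - 192) << 8) + data[2] + 192, 3)
    elif hdr & 3 == 3:
        raise ValueError("indeterminate length not supported")
    else:  # old-format header: 1, 2 or 4 length octets
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return tag, data[off:off + length]

def fingerprint(armored):  # RFC 4880 section 12.2, version 4 keys only
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def armor(packet):  # only used to build the constructed sample below
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{base64.b64encode(packet).decode()}\n={crc}\n{END}\n"

# Constructed sample: v4 header, creation time, algorithm 22, filler instead of key material.
SAMPLE_BODY = bytes([4]) + struct.pack(">I", 1502755200) + bytes([22]) + b"constructed-not-a-real-key"
SAMPLE = armor(b"\x99" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY)
print(fingerprint(SAMPLE))
```

For a downloaded file, pass its text to `fingerprint()` and compare the result with a fingerprint obtained over a separate channel; the computation itself says nothing about who published the key.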