Hi, On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote:
... Those were the high-priority changes that needed to be made. If anyone has other suggestions, speak up: I'm listening. :)
A while ago (I can’t find the e-mail anymore) I suggested a few changes that somehow didn’t find their way to the FAQ and then I forgot about them. Allow me to submit them again.
Those changes are all related to the fact that modern (≥ 2.1) GnuPG automatically creates a revocation certificate whenever it creates a new key pair, and stores it in $GNUPGHOME/openpgp-revocs.d.
In section 7,17 (What’s a ‘revocation certificate’?), it’s no longer recommended to create a revocation certificate immediately after generating a new GnuPG certificate. Instead, this section may state that GnuPG already creates one when creating a GnuPG certificate, and that it can be found in $GNUPGHOME/openpgp-revocs.d.
Similarly, section 8.5 (“What should I do after making my certificate”) should no longer say to generate a revocation certificate, but again may indicate where to find the one automatically generated by GnuPG, and advise to store it in a safe place.
In the same section, the subsection “How do I generate a revocation certificate” could be moved elsewhere, as it is no longer something you “should do after making [your] certificate”.
In section 10 (“What are some common bast practices?”), the advice “Generate a revocation certificate and keep it safe” should be removed and optionally replaced by “Keep your (automatically generated) revocation certificate safe”.
Cheers, - Damien
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
