"Jonas Karlsson" <[EMAIL PROTECTED]> wrote:
> 1) There's no way to get the key that generated a signature, using gpg.
> 2) Even if one gets the id of the key, there's no way to tell which user
> (i.e. what name) it belongs to without downloading it to a keyring
> 3) The user might not want to import packaging users keys to its default
> keyring.
I can't see why 1 are 2 are needed and 3 is fixable. Why not run gpg like
gpg --no-default-keyring --keyring ~/.gnupg/gobopkg.gpg \
-−keyserver‐options auto‐key‐retrieve --verify ${sig} ${pkg}
?
I can't see how you'd find out name without downloading.
It's a good idea to have a packaging keyring. Maybe later
there will be a gobo keyring server.
Hope that helps,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Somerset, England. Work/Laborejo: http://www.ttllp.co.uk/
IRC/Jabber/SIP: on request/peteble
_______________________________________________
gobolinux-devel mailing list
[email protected]
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
