On Sun, 19 Nov 2006 14:42:51 +0100, Ricardo Nabinger Sanchez
<[EMAIL PROTECTED]> wrote:
> On Sun, 19 Nov 2006 11:30:52 +0100
> "Jonas Karlsson" <[EMAIL PROTECTED]> wrote:
>
>> > I can't see why 1 are 2 are needed and 3 is fixable. Why not run gpg
>> > like
>> > gpg --no-default-keyring --keyring ~/.gnupg/gobopkg.gpg \
>> > -−keyserver‐options auto‐key‐retrieve --verify ${sig} ${pkg}
>> > ?
>> >
>> Why I wanted 1 and 2 is because I didn't want to autoretrieve the key.
>> Perhaps the above action could be used with a temporary keyring (if the
>> real verification failed) and then ask if the user want to import the
>> key
>> to the gobopkg.pgp?
>
> Sorry, but why mixing the keyring of the "system" with user's? I see
> that a
> different file is used, but I think a Gobo-specific place should be used,
> like /S/S/Gobo or another system-scope path that don't populate some user
> home (even the superuser).
>
Because the user needs write access to it as not everyone is running as
root and keeping the right rights for the user to write to this file (not
residing in home directory) could lead to security issue.
> Also, have you tried the --search-keys option?
>
> % gpg --keyserver pgp.mit.edu --search-keys \
> 0x593D4ACB6F210EECF5521AB041AD67F2726F9854
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: searching for "0x593D4ACB6F210EECF5521AB041AD67F2726F9854" from hkp
> server pgp.mit.edu
> (1) Ricardo Nabinger Sanchez (Basco) <[EMAIL PROTECTED]>
> 1024 bit DSA key 726F9854, created: 2004-07-05
> Enter number(s), N)ext, or Q)uit > q
>
> % gpg --keyserver pgp.mit.edu --search-keys '<[EMAIL PROTECTED]>'
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: searching for "<[EMAIL PROTECTED]>" from hkp server pgp.mit.edu
> (1) Ricardo Nabinger Sanchez (Basco) <[EMAIL PROTECTED]>
> 1024 bit DSA key 726F9854, created: 2004-07-05
> Enter number(s), N)ext, or Q)uit > q
>
I didn't see this, thanks. But the problem with this approach is that then
one has to already know the name, e-mail or fingerprint of the key, but
that's the information I'm looking for in the first place. If one could
use similar function, but with the ID instead, that would be perfect.
--
/Jonas
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
_______________________________________________
gobolinux-devel mailing list
[email protected]
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
