On Thursday 05 August 2010 20:01:19 Max Bowsher wrote: > Some points: > > 1) Some users will love this feature, because it provides a get-out for > having a current GPG key with a silly user-id. However, some may find it > annoying/surprising. > > Plus, the current user experience when uploading to a PPA without a > generated GPG key is very sub-optimal - your first upload is published > unsigned, and the PPA is not signed until it is republished after key > generation has finished.
We should probably delay publishing until there's a key generated. The the reason we don't just generate a key when the PPA is opened is because we don't want to fill keyservers with junk keys. Given your last comment in this email that sounds even more reasonable :) > Therefore, this feature ought to at least be warned about in the PPA > deletion confirm page - if not made optional. Sounds sane. > 2) Publishing a revocation is mutually contradictory with removing the > key from the keyserver :-) Yeah I realised that about 1 millisecond after hitting send :) > 3) You can't remove a key from the global keyservers network - even if > you remove it from one, they'll sync with each other, and re-propagate it. Eugh. :/ Cheers J _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
