On 7/7/20 4:39 AM, Pavel Sanda wrote: > On Mon, Jul 06, 2020 at 02:30:57PM -0400, Richard Kimberly Heck wrote: >> Could we use the private key to put some kind of signature into the >> header, along with an indication of what key is needed to verify it? > We could just store in the header ascii-armorized signature from pgp > of the .lyx file (without this section) and perhaps store fingerprint > which would help with importing the public key of person who signed it. > > We should be however cautious whether we would automatize key > retrieval - I would let the user handle the key retieval business > on his own. There old keyservers are half-way broken method nowadays > and many projects use different ways of distributing keys.
Yes, I was thinking NOT to automate that. People would need to import keys manually if they wanted to do that. We could pop some kind of message about what key needed importing. The idea here is just to make it possible to mark documents as "safe", not to make it easy to mark them as "safe". (I'm imagining some exploit that makes LyX import the key of the attacker....) Riki -- lyx-devel mailing list lyx-devel@lists.lyx.org http://lists.lyx.org/mailman/listinfo/lyx-devel