On Thu, 2008-12-11 at 22:29 +0100, Karsten Bräckelmann wrote: > On Thu, 2008-12-11 at 13:32 -0700, LuKreme wrote:
> > Not at all, I KNOW where the gpg.key came from, because I downloaded > > it. And it came from the same server as the rules are coming. > > The KeyID is coming from who knows where. > > No. It is part of the key. We've covered that basic GPG intro already. > Also, usually, the instructions for third-party rules telling you about > the entire sa-update command to run are located on the same server as > you got the key from. Yeah, that's "who knows where" alright... > > I'm just saying the current state of the documentation on this is > > poor, requires a level of implicit trust of the -gpgkey value that > > should not be necessary with gpg keys, and it down-right confusing to > > anyone looking at it for the first time who is not willing to simply > > plug-n-play with someone else's config. > > ...or read the documentation. > > This is Open Source. Patches accepted. Yes, documentation patches > accepted. Wait, there are lots of docs in a *wiki*... Just do it, no > patch required. FWIW, here would be a good place to start. http://wiki.apache.org/spamassassin/RuleUpdates And yes, it does explain what the sa-update --gpgkey option does, and what it is used for. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
