[Freedombox-discuss] Key Report Published

Nick Daly nick.m.daly at gmail.com
Tue Aug 6 03:04:41 UTC 2013


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> cool, i'm glad to see this work happening!  looking at the code, it
> seems to be trying to parse the human-readable output of gpg.  that way
> lies madness (and failure, esp. when the locale changes).
>
> You probably want to pass gpg the --fixed-list-mode and --with-colons
> options and parse the machine-readable data as described in
> /usr/share/doc/gnupg/DETAILS.gz

Thanks for pointing me to the details; I've cleaned that up.  It was one
of those I-know-it's-wrong-but-it's-better-written-than-not moments that
should be fixed.

> Also: checking for primary key expiration is different from checking
> for subkey expiration, and both are different from checking for
> certification expiration.  A comprehensive key-report tool might want
> to consider all of those possible forms of expiration.

Right now, it doesn't differentiate between primary and subkeys.  If
it's going to expire, we'll tell you it's going to expire.  I don't
think that's a simplification that might lead to bad behavior, but I'd
appreciate your thoughts on that.

> in particular, key-report should probably highlight pending (or
> recently-past) expirations that the user can actually do something
> about.  (e.g.  expirations of keys that the user controls the secret
> key material for, or of certifications issued by the user).

Those'll be highlighted, but right now we don't differentiate between
owned and un-owned keys.  Yeah, expiring owned (secret-key material
available) keys should be highlighted.

> another feature idea: key-report might also want to facilitate the
> refresh of soon-to-expire keys from the keyservers.

I'd also like it to understand transition statements, but I haven't even
given thought as to *how* to do that.  There're lots of unknowns there.

> Thanks for building this tool, Nick!

No problem, happy to!

Nick
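The thread above is about three things: parsing the colon-delimited listing that `gpg --with-colons --fixed-list-mode` emits instead of its locale-dependent human-readable output, telling primary-key, subkey and certification expirations apart, and highlighting the expirations the user can actually act on (keys whose secret material is present, or certifications the user issued). The following is an added example written for this page; it is not Nick's key-report code and not part of the FreedomBox project. The listings are constructed samples in the DETAILS format (only fields 1, 5, 6 and 7 are relied on: record type, key id, creation and expiration as epoch seconds), the key ids and user ids are invented, and `NOW` is a fixed "current time" chosen so the sample produces findings.

```python
"""Report pending and recently-past OpenPGP expirations from the
machine-readable output of `gpg --with-colons --fixed-list-mode`.

Added example for this thread, not the key-report tool's own code.
Record layout follows /usr/share/doc/gnupg/DETAILS.gz: fields are
colon-separated; field 1 is the record type (pub/sub/sec/ssb/uid/sig/...),
field 5 the key id (or signer key id for sig), field 6 the creation time
and field 7 the expiration time, both as seconds since the epoch.
"""
from collections import namedtuple

# Constructed listing standing in for `gpg --with-colons --fixed-list-mode
# --list-sigs`. Key ids, fingerprints and user ids are invented.
SAMPLE_PUBLIC = """\
tru::1:1375700000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1300000000:1377000000::u:::scESC:
fpr:::::::::ABCD0123ABCD0123ABCD0123ABCD0123ABCD0123:
uid:u::::1300000000::HASH::Alice Example <alice@example.org>:
sig:::1:0123456789ABCDEF:1300000000::::Alice Example <alice@example.org>:13x:
sub:u:4096:1:FEDCBA9876543210:1300000000:1376000000:::::e:
pub:-:2048:1:1111222233334444:1200000000::::::scESC:
uid:-::::1200000000::HASH::Bob Example <bob@example.org>:
sig:::1:1111222233334444:1200000000::::Bob Example <bob@example.org>:13x:
sig:::1:0123456789ABCDEF:1370000000:1376500000:::Alice Example <alice@example.org>:10x:
sub:-:2048:1:5555666677778888:1200000000:1500000000:::::e:
pub:e:2048:1:9999888877776666:1100000000:1375000000::::::scESC:
uid:e::::1100000000::HASH::Carol Example <carol@example.org>:
"""

# Constructed listing standing in for `--list-secret-keys`: Alice's key is
# the only one the user holds secret material for.
SAMPLE_SECRET = """\
sec::4096:1:0123456789ABCDEF:1300000000:1377000000:::::::
ssb::4096:1:FEDCBA9876543210:1300000000:1376000000:::::::
"""

NOW = 1375700000  # constructed "current time" (early August 2013, UTC)

# kind: 'pub', 'sub' or 'sig'; primary: key id of the primary key this
# record belongs to (for 'sig', the key whose user id is being certified);
# owned: secret material is available for keyid.
Record = namedtuple('Record', 'kind keyid created expires primary owned')
Finding = namedtuple('Finding', 'kind keyid primary days_left owned')


def parse_colons(text):
    """Yield the field list of every non-empty line of --with-colons output."""
    for line in text.splitlines():
        if line.strip():
            yield line.split(':')


def _epoch(field):
    """Empty expiration/creation field means 'never' / unknown."""
    return int(field) if field else None


def secret_key_ids(secret_listing):
    """Key ids (primary and sub) for which secret material is present."""
    return {f[4] for f in parse_colons(secret_listing) if f[0] in ('sec', 'ssb')}


def load_records(public_listing, secret_listing):
    """Collect primary keys, subkeys and certifications with their expiry."""
    owned = secret_key_ids(secret_listing)
    records, primary = [], None
    for f in parse_colons(public_listing):
        rtype = f[0]
        if rtype == 'pub':
            primary = f[4]  # following sub/uid/sig records belong to this key
        if rtype in ('pub', 'sub', 'sig'):
            records.append(Record(rtype, f[4], _epoch(f[5]), _epoch(f[6]),
                                  primary, f[4] in owned))
    return records


def expiration_report(records, now, window_days=30):
    """Findings that expire within window_days or already have, actionable
    (owned) ones first, soonest first. days_left is truncated toward zero,
    so an expiration 8.1 days ago reports as -8."""
    horizon = now + window_days * 86400
    findings = [Finding(r.kind, r.keyid, r.primary,
                        int((r.expires - now) / 86400), r.owned)
                for r in records
                if r.expires is not None and r.expires <= horizon]
    findings.sort(key=lambda x: (not x.owned, x.days_left))
    return findings


def format_report(findings):
    labels = {'pub': 'primary key', 'sub': 'subkey', 'sig': 'certification by'}
    lines = []
    for x in findings:
        state = ('expires in %d days' % x.days_left if x.days_left >= 0
                 else 'expired %d days ago' % -x.days_left)
        flag = ' [ACTION: you hold the secret key]' if x.owned else ''
        lines.append('%s %s (primary %s): %s%s'
                     % (labels[x.kind], x.keyid, x.primary, state, flag))
    return '\n'.join(lines)


if __name__ == '__main__':
    print(format_report(expiration_report(
        load_records(SAMPLE_PUBLIC, SAMPLE_SECRET), NOW)))
```

On a real system the two listings would come from `gpg --with-colons --fixed-list-mode --list-sigs` and `gpg --with-colons --fixed-list-mode --list-secret-keys`, and `NOW` from `time.time()`. The `sig` handling is what distinguishes certification expiry from key expiry: a self-signature or a third-party certification carries its own expiration in field 7, independent of the certified key's, and it is marked actionable when the signer's key id is one the user holds secret material for.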