[rt-users] GnuPG output is not very useful
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Tue Oct 28 18:54:24 EDT 2014
Hello, all:
I'm not sure if it's a misconfiguration our part, but when GnuPG options
are enabled in RT, the UI output is not very useful. E.g., here's what
it says for a valid signature:
GnuPG: The signature is good, signed by Foo Bar <foo.bar at example.com>,
trust level is unknown
Here are the reasons it's not useful:
Key validity is not shown
-------------------------
I don't really want to know the owner-trust level (more often than not
it's going to be "unknown"). I want to see what the *key validity* is.
These two concepts are very different, but for signed email sent to the
tracker you want to see *validity* not *owner-trust*.
Key ID is not shown
-------------------
"Foo Bar <foo.bar at example.com>" is not unique. Anyone can create a PGP
key with any name/email they want. What it should show is at least
partial hex keyid.
To clarify:
Each member of my support team is in the RT keyring with their keys
fully trusted (owner-trust: full). Users we support have their PGP key
signed by one of us, and a lot of incoming requests MUST be signed by a
PGP key carrying our signature before we act on them. So:
Me (trust:Full; validity:Full)
User Foo Bar, key signed by me (trust:Unknown; validity: Full)
The pgp output that would be really useful is:
GnuPG: Good signature from Foo Bar <foo.bar at example.com>
Key ID: 0xFFFFFFFF | Validity: Full | Trust: Unknown
I just wanted to check if there's perhaps something we've overlooked in
the configuration that would let us make output resemble something like
that.
Best,
--
Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec
More information about the rt-users
mailing list