[rt-users] GnuPG output is not very useful

Konstantin Ryabitsev konstantin at linuxfoundation.org
Tue Oct 28 18:54:24 EDT 2014


Hello, all:

I'm not sure if it's a misconfiguration our part, but when GnuPG options
are enabled in RT, the UI output is not very useful. E.g., here's what
it says for a valid signature:

GnuPG: 	The signature is good, signed by Foo Bar <foo.bar at example.com>,
trust level is unknown

Here are the reasons it's not useful:

Key validity is not shown
-------------------------
I don't really want to know the owner-trust level (more often than not
it's going to be "unknown"). I want to see what the *key validity* is.
These two concepts are very different, but for signed email sent to the
tracker you want to see *validity* not *owner-trust*.

Key ID is not shown
-------------------
"Foo Bar <foo.bar at example.com>" is not unique. Anyone can create a PGP
key with any name/email they want. What it should show is at least
partial hex keyid.

To clarify:

Each member of my support team is in the RT keyring with their keys
fully trusted (owner-trust: full). Users we support have their PGP key
signed by one of us, and a lot of incoming requests MUST be signed by a
PGP key carrying our signature before we act on them. So:

Me (trust:Full; validity:Full)
User Foo Bar, key signed by me (trust:Unknown; validity: Full)

The pgp output that would be really useful is:

GnuPG: Good signature from Foo Bar <foo.bar at example.com>
       Key ID: 0xFFFFFFFF | Validity: Full | Trust: Unknown

I just wanted to check if there's perhaps something we've overlooked in
the configuration that would let us make output resemble something like
that.


Best,
-- 
Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec



More information about the rt-users mailing list