[rt-users] GnuPG output is not very useful

Konstantin Ryabitsev konstantin at linuxfoundation.org
Tue Oct 28 18:54:24 EDT 2014

Hello, all:

I'm not sure if it's a misconfiguration our part, but when GnuPG options
are enabled in RT, the UI output is not very useful. E.g., here's what
it says for a valid signature:

GnuPG: 	The signature is good, signed by Foo Bar <foo.bar at example.com>,
trust level is unknown

Here are the reasons it's not useful:

Key validity is not shown
I don't really want to know the owner-trust level (more often than not
it's going to be "unknown"). I want to see what the *key validity* is.
These two concepts are very different, but for signed email sent to the
tracker you want to see *validity* not *owner-trust*.

Key ID is not shown
"Foo Bar <foo.bar at example.com>" is not unique. Anyone can create a PGP
key with any name/email they want. What it should show is at least
partial hex keyid.

To clarify:

Each member of my support team is in the RT keyring with their keys
fully trusted (owner-trust: full). Users we support have their PGP key
signed by one of us, and a lot of incoming requests MUST be signed by a
PGP key carrying our signature before we act on them. So:

Me (trust:Full; validity:Full)
User Foo Bar, key signed by me (trust:Unknown; validity: Full)

The pgp output that would be really useful is:

GnuPG: Good signature from Foo Bar <foo.bar at example.com>
       Key ID: 0xFFFFFFFF | Validity: Full | Trust: Unknown

I just wanted to check if there's perhaps something we've overlooked in
the configuration that would let us make output resemble something like

Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec

More information about the rt-users mailing list