[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for

From: Darshit Shah
Subject: Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Date: Sun, 13 Mar 2022 15:21:13 +0100
User-agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997

On Sun, Mar 13, 2022, at 09:10, Simon Josefsson wrote:
> Darshit Shah <darnir@gnu.org> writes:
>> +   --gpg-keyring-url=URL        URL pointing to the GnuPG Keyring containing
>> +                                the key used to sign the tarballs
> ...
>>  If that command fails because you don't have the required public key,
>>  then run this command to import it:
>> -  gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
>> +  wget -q -O- '$gpg_keyring_url' | gpg --import -
> Hi.  I agree this part of announce-gen is sub-optimal.   There were
> earlier discussions about solutions:
> https://gitlab.com/libidn/libidn2/-/issues/98#note_635780242
> My first reaction was that we should use something like that instead,
> and not your patch.  However given how unreliable the GnuPG parameters
> (different version compatibility, and some reports about bugs) are wrt
> to key servers, I prefer your approach to mention a URL in the
> announcement instead of suggesting --recv-keys or some variant of
> --locate-external-keys.  This also makes it much easier for anyone not
> using GnuPG to locate the OpenPGP key.
> Do you have push access to gnulib, or do you want me to polish up the
> patch and push it?

I don't have push access to gnulib, so could you please push it for me?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]