[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for
Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Sun, 13 Mar 2022 15:21:13 +0100
On Sun, Mar 13, 2022, at 09:10, Simon Josefsson wrote:
> Darshit Shah <email@example.com> writes:
>> + --gpg-keyring-url=URL URL pointing to the GnuPG Keyring containing
>> + the key used to sign the tarballs
>> If that command fails because you don't have the required public key,
>> then run this command to import it:
>> - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
>> + wget -q -O- '$gpg_keyring_url' | gpg --import -
> Hi. I agree this part of announce-gen is sub-optimal. There were
> earlier discussions about solutions:
> My first reaction was that we should use something like that instead,
> and not your patch. However given how unreliable the GnuPG parameters
> (different version compatibility, and some reports about bugs) are wrt
> to key servers, I prefer your approach to mention a URL in the
> announcement instead of suggesting --recv-keys or some variant of
> --locate-external-keys. This also makes it much easier for anyone not
> using GnuPG to locate the OpenPGP key.
> Do you have push access to gnulib, or do you want me to polish up the
> patch and push it?
I don't have push access to gnulib, so could you please push it for me?