ensure monkeysign works with GPG 2.1, make use of its new features
There is some movement in upstream GPG that could be very beneficial for us. 2.1 has all sorts of improvements that we could use, but also breaks certain things we need to take into account. Here's a meta-ticket to keep track of those issues.
- secret key material handling: we currently use --secret-keyring ~/.gnupg/secring.gpg (more or less) which will not work with GPG 2.1 - presumably we can talk to the agent for this now, but is that automatic? do we need to remove the --secret-keyring flag? see #50 (closed)
- formatting changes: some --with-colons output has changed, which we need to catch up with - tobias did some work in b9934b8f to fix Debian #773970, it is unclear if other problems remain
- 2.1 properly populates revoked and expired fields now, which could fix some problems we're having with revoked and expired keys, e.g.
  - #766129 (monkeysign should not use revoked keys to make signatures)
  - #736548 (monkeysign: Reports "key is expired, cannot sign" on non-expired key)
  - #723763 (monkeysign should not sign revoked uids)
- other dialog issues: #40, #51 (closed)

see also #8 (closed).
this discussion emerged in Debian #721599.
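
The revoked/expired items above depend on the validity field (field 2) of --with-colons records. The following is an added example, not monkeysign's own code: a small parser that refuses revoked or expired keys and uids. The sample listing is constructed, and the names parse_colons and signable_uids are hypothetical.

```python
"""Added example: classify keys and uids from `gpg --with-colons` output."""

# Validity letters found in field 2 of a colon record (GnuPG doc/DETAILS).
UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed sample listing (not real keys): a usable key carrying one valid
# and one revoked uid, followed by a second key that is expired.
SAMPLE = """\
tru::1:1420070400:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1388534400:::u:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1388534400::HASH1::Alice Example <alice@example.org>:
uid:r::::1388534400::HASH2::Alice Old <old@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1388534400::::::e:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1262304000:1293840000::-:::sc:
uid:e::::1262304000::HASH3::Bob Example <bob@example.org>:
"""


def parse_colons(listing):
    """Return a list of keys: {'keyid', 'status', 'uids': [(name, status)]}."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))  # pad short records so indexing is safe
        rtype, validity = f[0], f[1]
        # An empty validity field maps to "ok" here, which is exactly why
        # unpopulated revoked/expired fields lead to wrong signing decisions.
        status = UNUSABLE.get(validity, "ok")
        if rtype in ("pub", "sec"):
            keys.append({"keyid": f[4], "status": status, "uids": []})
            if f[9]:  # listings made without fixed-list-mode merge the
                keys[-1]["uids"].append((f[9], status))  # primary uid here
        elif rtype == "uid" and keys:
            keys[-1]["uids"].append((f[9], status))
        # other record types (tru, fpr, sub, ...) are ignored in this example
    return keys


def signable_uids(key):
    """uids that may be certified: the key and the uid must both be usable."""
    if key["status"] != "ok":
        return []
    return [name for name, status in key["uids"] if status == "ok"]


if __name__ == "__main__":
    for key in parse_colons(SAMPLE):
        print(key["keyid"], key["status"], signable_uids(key))
```
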