INN commit: trunk/control (perl-nocem.in)
INN Commit
rra at isc.org
Mon Nov 9 20:36:42 UTC 2020
Date: Monday, November 9, 2020 @ 12:36:41
Author: iulius
Revision: 10391
perl-nocem: document the use of gpg1 to import old PGP keys
Modified:
trunk/control/perl-nocem.in
---------------+
perl-nocem.in | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
Modified: perl-nocem.in
===================================================================
--- perl-nocem.in 2020-11-08 19:45:02 UTC (rev 10390)
+++ perl-nocem.in 2020-11-09 20:36:41 UTC (rev 10391)
@@ -540,7 +540,9 @@
Import the keys of the NoCeM issuers you trust in order to check
the authenticity of their notices. You can do:
- gpg --no-default-keyring --primary-keyring <pathetc>/pgp/ncmring.gpg --import <key-file>
+ gpg1 --no-default-keyring --primary-keyring <pathetc>/pgp/ncmring.gpg \
+ --no-options --allow-non-selfsigned-uid --no-permission-warning \
+ --batch --import <key-file>
chmod 644 <pathetc>/pgp/ncmring.gpg
where <pathetc> is the value of the I<pathetc> parameter set in
@@ -550,10 +552,10 @@
automatically generate the F<ncmring.gpg> file) and make sure the news
user can read this file, once generated.
-For old PGP-generated keys, you may have to use
-B<--allow-non-selfsigned-uid> if they are not properly self-signed,
-but anyone creating a key really should self-sign the key. Current PGP
-implementations do this automatically.
+As a few NoCeM issuers are still using old PGP-generated keys, you
+may have to use B<gpg1> with various legacy options in command-line
+(like in the example above) instead of more recent versions of B<gpg>
+that no longer accept such keys.
The keys of NoCeM issuers can be found in the web site of I<The NoCeM Registry>:
L<http://rosalind.home.xs4all.nl/nocemreg/nocemreg.html>. You can even
More information about the inn-committers
mailing list