INN commit: trunk/control (perl-nocem.in)

INN Commit rra at isc.org
Mon Nov 9 20:36:42 UTC 2020


    Date: Monday, November 9, 2020 @ 12:36:41
  Author: iulius
Revision: 10391

perl-nocem:  document the use of gpg1 to import old PGP keys

Modified:
  trunk/control/perl-nocem.in

---------------+
 perl-nocem.in |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

Modified: perl-nocem.in
===================================================================
--- perl-nocem.in	2020-11-08 19:45:02 UTC (rev 10390)
+++ perl-nocem.in	2020-11-09 20:36:41 UTC (rev 10391)
@@ -540,7 +540,9 @@
 Import the keys of the NoCeM issuers you trust in order to check
 the authenticity of their notices.  You can do:
 
-    gpg --no-default-keyring --primary-keyring <pathetc>/pgp/ncmring.gpg --import <key-file>
+    gpg1 --no-default-keyring --primary-keyring <pathetc>/pgp/ncmring.gpg \
+         --no-options --allow-non-selfsigned-uid --no-permission-warning \
+         --batch --import <key-file>
     chmod 644 <pathetc>/pgp/ncmring.gpg
 
 where <pathetc> is the value of the I<pathetc> parameter set in
@@ -550,10 +552,10 @@
 automatically generate the F<ncmring.gpg> file) and make sure the news
 user can read this file, once generated.
 
-For old PGP-generated keys, you may have to use
-B<--allow-non-selfsigned-uid> if they are not properly self-signed,
-but anyone creating a key really should self-sign the key.  Current PGP
-implementations do this automatically.
+As a few NoCeM issuers are still using old PGP-generated keys, you
+may have to use B<gpg1> with various legacy options in command-line
+(like in the example above) instead of more recent versions of B<gpg>
+that no longer accept such keys.
 
 The keys of NoCeM issuers can be found in the web site of I<The NoCeM Registry>:
 L<http://rosalind.home.xs4all.nl/nocemreg/nocemreg.html>.  You can even



More information about the inn-committers mailing list