Detection of a revocation certificate prior to import

Daniel Kahn Gillmor dkg at
Tue Apr 12 16:38:39 CEST 2016

On Tue 2016-04-12 08:42:16 -0400, Werner Koch wrote:
> On Tue, 12 Apr 2016 08:24, patrick at said:
>> Using --list-packets works for me:
> Do not use --list-packets to autmate tasks!  That command has no well
> defined semantics and should thus not be used by any tools.

In that case, we could really use an automatable feature that permits
this kind of inspection.

Saying "if a revocation certificate exists, it should be imported"
doesn't account for the use case that Patrick is aiming for: the user is
importing things and considering what to do with them.

We want to actively encourage people to generate and store revocation
certificates, and we should make the workflow (both for generating them
and for consuming them) as user-friendly as possible.  This means not
everyone will understand about removing the leading colon from a text
file, and we want to encourage GUI tools (like enigmail) from being able
to detect them; to explain to the user what the consequences will be if
they import them; to encourage publication to the keyservers; etc...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20160412/1fbe99eb/attachment.sig>

More information about the Gnupg-devel mailing list