Fingerprints and Key-IDs - Was: [PATCH] avoid publishing the GnuPG version by default

Ben McGinnes ben at adversary.org
Sun Aug 7 17:29:18 CEST 2016


On Sat, Aug 06, 2016 at 04:06:04PM +0200, ilf wrote:
> 
> So I would propose:
> 
> 1. Short term: Add "the fingerprint in a separate line" for all
> --keyid-format values.

I'm fine with this part.

> 2. Gradually deprecate the "keyid-format" option.
> 
> 2.a. Mid term: Add a warning to stderr if keyid-format is explicitly set to
> anything but "none". Note this in release notes.
> 
> 2.b. Long term: Remove the parameter entirely.
> 
> What do you think?

The rest of it is a problem.  For all the reasons Werner mentioned,
but also because the current full fingerprint output format (the
default in 2.1) does not include any fingerprint or key ID data to
identify subkeys.  Now for those of you with just one master key to
sign everything and one subkey for encryption it may not matter, but
for those of us who use a subkey to sign messages and files with the
master key only used to certify other keys and make changes this is an
issue.

It's also why I've still got keyid-format 0xLONG in my gpg.conf.


Regards,
Ben
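
An added example, not part of the original message or of GnuPG: one way to see which subkey signs is to parse GnuPG's colon-delimited listing format (`--with-colons`) and pair each `pub`/`sub` record with its own fingerprint and capabilities. The sample listing is constructed with made-up key material, and the code assumes each `pub`/`sub` record is followed by its `fpr` record and that the keys are v4 keys.

```python
# Constructed key material for illustration only (not real keys).
FPR_PRIMARY = "1" * 24 + "A" * 16
FPR_SIGN = "2" * 24 + "B" * 16
FPR_ENCR = "3" * 24 + "C" * 16

# Constructed colon-format listing: field 5 = long key ID,
# field 10 = fingerprint (fpr records), field 12 = capabilities.
SAMPLE = "\n".join([
    f"pub:u:4096:1:{FPR_PRIMARY[-16:]}:1400000000:::u:::cSCE:",
    f"fpr:::::::::{FPR_PRIMARY}:",
    "uid:u::::1400000000::0000::Example User <user@example.org>:",
    f"sub:u:4096:1:{FPR_SIGN[-16:]}:1400000000::::::s:",
    f"fpr:::::::::{FPR_SIGN}:",
    f"sub:u:4096:1:{FPR_ENCR[-16:]}:1400000000::::::e:",
    f"fpr:::::::::{FPR_ENCR}:",
])


def parse_colons(listing):
    """Return one dict per pub/sub record: type, key ID, fingerprint, own capabilities."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12  # pad so short lines cannot raise IndexError
        if f[0] in ("pub", "sub"):
            # Lowercase letters are this key's own capabilities; uppercase
            # letters on the pub record summarise the whole key.
            own = {c for c in f[11] if c.islower()}
            keys.append({"type": f[0], "keyid": f[4], "fpr": None, "caps": own})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # attach to the record it follows
    return keys


def signing_keys(keys):
    """Keys (primary or subkey) that can themselves make data signatures."""
    return [k for k in keys if "s" in k["caps"]]


def keyid_matches_fpr(key):
    """For v4 keys the long key ID is the last 16 hex digits of the fingerprint."""
    return key["fpr"] is not None and key["fpr"][-16:].upper() == key["keyid"].upper()


if __name__ == "__main__":
    for k in parse_colons(SAMPLE):
        caps = "".join(sorted(k["caps"]))
        print(k["type"], "0x" + k["keyid"], k["fpr"], caps, keyid_matches_fpr(k))
```
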



More information about the Gnupg-devel mailing list