coping with unknown keywords on --status-fd
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 15 23:39:43 CEST 2016
Is it safe for a program that is interacting with GnuPG to ignore status
keywords that it gets but doesn't understand?
an application should always be prepared to see new
keyworkds or more arguments in future versions.
(i think that means "keywords", but i missed it in my recent spelling
What does "prepared to see" mean? does it mean "can safely ignore" ?
Is this always going to be the case? If so, can we commit to it
explicitly in DETAILS?
Recent versions of GnuPG emit KEY_CONSIDERED status lines, which do
seem like they could be safely ignored.
But consider the situation where a list of keys that are known to be bad
is introduced (imagine someone publishes corresponding secret key
material, based on a bad system RNG in some OS). If GnuPG were to have
access to such a blacklist, i can imagine a future version of GnuPG
emitting a new status line like KEY_KNOWN_BAD, during signature
validation, but this would not be safe to ignore.
Or, would GnuPG emit a BADSIG instead of a VALIDSIG in this case, in
addition to a new KEY_KNOWN_BAD line?
The clearer we are about what the project commits to going forward, the
less brittle and more forward-compatible any downstream dependencies
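The trade-off raised in the message above, as an added example that is not part of the original post or of GnuPG: a small Python consumer of `--status-fd` output that tolerates extra arguments and makes the unknown-keyword policy an explicit choice. The status lines are constructed sample input, and `KEY_KNOWN_BAD` is the hypothetical keyword imagined in the post, not a real GnuPG status.

```python
# Added example, not GnuPG code. Sample status lines are constructed, and
# KEY_KNOWN_BAD is the hypothetical keyword imagined in the post.
PREFIX = "[GNUPG:] "
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
# Keywords this consumer understands; anything else is recorded as unknown.
INFORMATIONAL = {"NEWSIG", "KEY_CONSIDERED", "GOODSIG", "TRUST_ULTIMATE"}
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

SAMPLE = f"""\
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED {FPR} 0
[GNUPG:] KEY_KNOWN_BAD {FPR}
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG {FPR} 2016-09-15 1473975583 0 4 0 1 8 00 {FPR} FUTURE_ARG
"""


def parse_status(text):
    """Yield (keyword, args) per status line; other output is skipped."""
    for line in text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                yield fields[0], fields[1:]


def verify(text, strict):
    """Return (accepted, fingerprint, unknown_keywords).

    strict=False ignores unknown keywords; strict=True fails closed on them.
    """
    valid, failed, unknown = [], False, []
    for keyword, args in parse_status(text):
        if keyword == "VALIDSIG" and args:
            # Only the first field is read, so arguments appended by a
            # future version do not break parsing.
            valid.append(args[0])
        elif keyword in FAILURES:
            failed = True
        elif keyword not in INFORMATIONAL:
            unknown.append(keyword)
    # This sketch expects exactly one signature on the message.
    accepted = len(valid) == 1 and not failed and not (strict and unknown)
    return accepted, (valid[0] if valid else None), unknown


if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "lenient", verify(SAMPLE, strict))
```

On the sample, the lenient policy accepts the signature while the strict one rejects it; the strict policy would also have rejected output from the first GnuPG version that introduced KEY_CONSIDERED.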