[PATCH 5/5] gpg: Fix regexp sanitization.

Neal H. Walfield neal at walfield.org
Wed Jul 19 15:45:35 CEST 2017


At Wed, 19 Jul 2017 15:07:22 +0200,
Damien Goutte-Gattat wrote:
> > I don't see how and why we should do any sane sanitization at all.
> 
> For what is worth, I tend to agree. But I won't pretend I have
> seriously considered all the implications.

I think trust signatures are very useful from an organizational
perspective, but are completely under used.

I think it is worth exploring what the implications of any change in
behavior are.  A good start would be finding all trust sigs with a
non-empty regex in a key server dump so that we can see how people are
actually using them in practice.  (I suspect there aren't that many.)


Thanks,

:) Neal



More information about the Gnupg-devel mailing list