add notation to self sig

David Shaw dshaw at jabberwocky.com
Thu Mar 9 20:22:45 CET 2006


On Thu, Mar 09, 2006 at 02:40:33PM +0100, Peter Palfrader wrote:

> | weasel@simona:~/tmp/gpg$ gpg --edit test1
> [..]
> | Command> notation foo@example.com=
> | No notations on user ID "test1"
> | Adding notation: foo@example.com=
> [..]
> [just doing 'notation foo@example.com' is not allowed.]
> 
> | weasel@simona:~/tmp/gpg$ gpg --list-options show-notations --list-sigs
> | pub   1024D/A12B80B9 2006-03-09 [expires: 2006-03-16]
> | uid                  test1
> | sig 3    N   A12B80B9 2006-03-09  test1
> |    Signature notation: foo@example.com=
> | sub   2048g/7FAFEDE3 2006-03-09 [expires: 2006-03-16]
> | sig          A12B80B9 2006-03-09  test1
> 
> it seems that this part doesn't work.

That's actually a feature.  I didn't explain it too well in the
manual.  Basically the problem is that zero-length notations are legal
in OpenPGP.  So if there was a foo@example.com notation on the sig
already, then foo@example.com= would remove it.  If there was no
foo@example.com notation on the sig already, then foo@example.com=
would be added as a zero-length notation.

Let's make it simpler: I just added the ability to delete notations
directly by using a minus sign prefix like "-foo@example.com".

Given these notations:
  foo@example.com=one
  foo@example.com=two
  foo@example.com=three

if you use "-foo@example.com=one" you'll delete that specific
notation.  If you use "-foo@example.com" you'll delete all three.

> Also, is issuing a notation again with the same key supposed to replace
> an existing notation, or should it - as it does now - add a second
> notation with the same key?

I went back and forth on this a few times, as I can see a good
argument for either replacement or adding a second notation, but
finally went with the current behavior as more flexible.  It's easy
enough to change if it doesn't work out well in the field.  Note that
this only applies to key matches.  Adding a completely matching
notation (both key and value) is skipped.

David
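
The add and delete rules described in the message above, as an added example that is not part of the original message and is not GnuPG source code. The function name `apply_notation` and the list-of-pairs representation are hypothetical, and treating `name=` as a plain add of a zero-length notation is an assumption about the behaviour after the minus-prefix change.

```python
def apply_notation(notations, spec):
    """Return the notation list after one 'notation' edit command.

    notations: list of (name, value) pairs on the self-signature.
    spec:      the argument typed after 'notation' (hypothetical model).
    """
    if spec.startswith("-"):
        body = spec[1:]
        if "=" in body:
            # "-name=value": delete only the notation matching name and value.
            name, value = body.split("=", 1)
            return [n for n in notations if n != (name, value)]
        # "-name": delete every notation that carries this name.
        return [n for n in notations if n[0] != body]

    if "=" not in spec:
        # A bare name without "=" is not accepted as an add.
        raise ValueError("notation must be given as name=value")

    name, value = spec.split("=", 1)  # value may be empty (zero-length)
    if (name, value) in notations:
        # A complete match (name and value) is skipped.
        return list(notations)
    # Same name with a different value: a second notation is added,
    # the existing one is not replaced.
    return list(notations) + [(name, value)]


if __name__ == "__main__":
    # Constructed sample: the three notations used in the message.
    sig = []
    for cmd in ("foo@example.com=one", "foo@example.com=two",
                "foo@example.com=three", "foo@example.com=two"):
        sig = apply_notation(sig, cmd)
    print(sig)
    print(apply_notation(sig, "-foo@example.com=one"))
    print(apply_notation(sig, "-foo@example.com"))
```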


