Bug list update, 02.12.2002

Miguel Coca e970095@zipi.fi.upm.es
Tue Dec 3 17:33:02 2002


--FCuugMFkClbJLl1L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 03, 2002 at 12:51:01 +0100, Markus Gerwinski wrote:
> Default key deleted: OK... but for the average user, this is still a bit
> confusing, I fear. Maybe it would be better to warn the user when deleting
> the default key resp. when it's going to expire?
>=20
> Suggestion:
>  - When the default key is going to expire the same week or so, GPA shows=
 a
>    warning on startup (with the possibilities to set a new expiration tim=
e or
>    alternatively choose/create another default key).

We shouldn't encourage users to change the expiration date of their keys
(unless maybe in advanced mode). The "expire" command in --edit-key only
changes the primary key, not any encryption subkeys you may have.

Other than that, a reminder for that situation may be a good idea. Add it to
the "feature request" list :-)

>  - When the user's deleting the default key, the warning about that could
>    offer him the possibility to choose/create another default key.

If someone deletes the default key, I think we should assume he knows why
he's doing it :-) And, anyway, he'll be reminded to create a new one when
the program restarts and no secret key is found (well, it should... doesn't
seem to work right now).

> > >  * File/Check: Signatures are found, but now _always_ denoted as "val=
id",
> > >    regardless of the key's owner trust.
> > Do you mean the owner trust or the key validity? A signature is valid if
> > it's good and they key is valid (known to belong to the person mentione=
d in
> > the user name, via the web of trust). Owner trust is a different concept
> > altogether.
>=20
> ??? On 28 Nov, you wrote:
>=20
> > Validity is what used to be called "Key trust". We only consider valid =
keys
> > [...]
>=20
> Ah, wait a moment... Was I mixing up "key trust" and "owner trust" here?

Yes, I think so. Which only shows how fortunate the change to "validity"
was, if even some of the developers get confused :-)

> Could you give me the source file/line where the key trust of a given key=
 is
> calculated?

That happens somewhere inside gpg. If you want a description of the model
used, you can take a look at the GPH:

        http://www.gnupg.org/gph/en/manual.html#AEN335

> > You can also add that there is currently no way to get into advanced UI
> > mode (I'll try to fix it next).
>=20
> How is the advanced UI mode defined?

Mostly it affects the options you get in some dialogs. But it could mean
whatever we want it to mean (back in 0.4 and 0.5 it affected which trust
values you'd see, for example).

> > BTW, wouldn't it be easier for everybody to have some kind of bug datab=
ase
> > where we can manage this? Is there something like that planned for GnuP=
G in
> > general?
>=20
> Good idea! Maybe we could set up something on http://www.gnupg.org for th=
at
> matter?

There seems to be a Debian BTS for gpa at:

        http://bugs.guug.de/db/pa/lgpa.html

With some bugs reported by Werner almost two years ago and a lot of spam :-)

Werner, is this place where mail sent to bug-gpa@gnupg.org arrives? Is this
"official" or just for your use?

We could try to use that, although I'd rather have a bugzilla or similar. Or
maybe we could register a GPA project at savannah.gnu.org and use their bug
tracking database.

Regards,
--=20
Miguel Coca                                         e970095@zipi.fi.upm.es
PGP Key 0x27FC3CA8                         http://zipi.fi.upm.es/~e970095/

--FCuugMFkClbJLl1L
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE97NzpjE3Htif8PKgRAi6dAKDNmSDDEqcLYWBhJyyYxVC7MmFaJgCgnray
7MS4cxWbKiuEJTUqwS8AmVE=
=3Z7S
-----END PGP SIGNATURE-----

--FCuugMFkClbJLl1L--