Quoting Stanislav Brabec <sbrabec@suse.cz>:
Dominique Leuenberger a.k.a DimStar wrote:
For 'reviews' of the entire thing, it would be mandatory for obs webui and osc to be able to 'show/decode' the information in the .keyring...
"My" format of keyring contains the keyring list in the text form.
There is an easy automatic way to check, that it matches the armored blob contents:
~/OSC/home:sbrabec:gpg-offline-verify/vsftpd> gpg-offline --review --offline --keyring vsftpd.keyring pub 1024D/3C0E751C 2004-06-29 uid Chris Evans <chris@scary.beasts.org> sub 1024g/0A9EB17D 2004-06-29
Without verifying this against an upstream published key, it's still void information... so I do expect the first-time effort to get this in rather big. I think what I like least about it is that an entire app stack (does kde publish gpg sigs?) might end up with the same .keyring over and over... but as I don't maintain that many packages that publish gpg sigs, I think I don't really mind it :) Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org