Hi,

Maxime Devos <[email protected]> wrote:

> On 09-08-2022 23:07, Ludovic Courtès wrote:
>> Hello,
>>
>> As Tobias explains at
>> <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html> and
>> as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix
>> git-authenticate) machinery reports the fingerprint of subkeys on
>> signatures (when subkeys are used) rather than the fingerprint of
>> primary keys.
>>
>> This should be changed to report primary keys, at least optionally.
>
> Why should it be changed? IIUC .guix-authorizations and (guix ...)
> care about the key that things were signed with, not necessarily the
> primary key, so it seems to me that it needs to report the subkey
> fingerprint, not the fingerprint of the primary key it belongs to, as
> the primary key is irrelevant to them IIUC.

Yes, I kinda agree, but… the motivation here is that OpenPGP user
interfaces don’t normally refer to subkey fingerprints; instead they
refer to primary key fingerprints, even if you use a subkey, which is
the point of subkeys AIUI.

That Guix treats subkeys differently is confusing to seasoned OpenPGP
users.

Ludo’.
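The subkey/primary distinction discussed in this thread, as an added example that is not part of the original message or of Guix's code: it parses GnuPG's colon-delimited key listing to map a subkey fingerprint (what Guix reports) to the primary key fingerprint (what OpenPGP user interfaces show). The fingerprints and the sample listing are constructed, the function names are hypothetical, and the listing is assumed to carry an `fpr` record after each `pub` and `sub` record.

```python
# Constructed fingerprints (40 hex digits each); not real keys.
PRIMARY = "0" * 24 + "A" * 16
SIGNING_SUB = "0" * 24 + "B" * 16
ENCRYPT_SUB = "0" * 24 + "C" * 16

# Constructed sample in the format of `gpg --list-keys --with-colons`.
SAMPLE = f"""\
pub:u:4096:1:{PRIMARY[-16:]}:1500000000:::u:::scESC::::::23::0:
fpr:::::::::{PRIMARY}:
uid:u::::1500000000::0000::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:{SIGNING_SUB[-16:]}:1500000000::::::s::::::23:
fpr:::::::::{SIGNING_SUB}:
sub:u:4096:1:{ENCRYPT_SUB[-16:]}:1500000000::::::e::::::23:
fpr:::::::::{ENCRYPT_SUB}:
"""


def fingerprint_to_primary(colon_listing):
    """Map each primary or subkey fingerprint to its primary key fingerprint."""
    mapping = {}
    primary = None   # fingerprint of the key block being read
    pending = None   # which record the next 'fpr' line belongs to
    for line in colon_listing.splitlines():
        fields = line.split(":")
        kind = fields[0]
        if kind in ("pub", "sec"):
            primary, pending = None, "primary"   # a new key block starts
        elif kind in ("sub", "ssb"):
            pending = "sub"
        elif kind == "fpr" and pending and len(fields) > 9:
            fpr = fields[9].upper()              # field 10 holds the fingerprint
            if pending == "primary":
                primary = fpr
            if primary is not None:              # skip subkeys with no primary seen
                mapping[fpr] = primary
            pending = None
    return mapping


def resolve_primary(signer_fpr, colon_listing):
    """Return the primary fingerprint for a signer fingerprint; KeyError if unknown."""
    normalized = signer_fpr.replace(" ", "").upper()
    return fingerprint_to_primary(colon_listing)[normalized]


if __name__ == "__main__":
    print(resolve_primary(SIGNING_SUB, SAMPLE))
```
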
