On 2013-09-13 17:04:04, Philip Jägenstedt wrote:
> Hi,

Hi!

Thanks for your bug report.

> I have ask-cert-level in my gpg.conf since I use both levels 0 and 3.
> Since monkeysign runs gpg with --batch the default level is used.
> If one (temporarily) puts default-cert-level in gpg.conf one can
> control which level will be used. However, there's no indication
> while signing which level is used, and I very nearly sent off
> signatures at the wrong level before I thought to double-check.

This does seem like a bug, although it seems to me that gpg should
prompt us, as it already prompts us for a bunch of stuff when signing,
regardless of --batch...

> I suppose one of these might solve the problem:
>
> 1. detect the precense of ask-cert-level in gpg.conf and prompt
>    for it in ui.py (kind of icky)

indeed.

> 2. add a command line option to simply set the cert level

that seems like a good option.

> 3. always ask

i would be against that, although in another bug report, we discussed
the possibility of adding commandline options to prompt for certain
things. Then we could do --prompt=cert-level, for example.

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720052 for that.

> I think I'd be able to implement any of these, if any of these
> changes would be welcome.

#2 would indeed be welcome!

A.

-- 
Les écrivains qui ont recours à leurs doigts pour savoir s'ils ont leur
compte de pieds ne sont pas des poètes, ce sont des dactylographes.
                        - Léo Ferré, "Préface"

Attachment: pgp3MaY10vlbV.pgp
Description: PGP signature

Reply via email to