On Sun, Sep 14, 2008 at 06:32:14PM -0400, Daniel Kahn Gillmor wrote: > This is a significant problem for me as well. > > There are reasonable circumstances where a system administrator would > want users to always have access to a system-maintained keyring. The > users should of course also have no problems simultaneously > manipulating and updating their own user-controlled keyring. I agree. However the bug you've followed up to is assigned to the debian-keyring package, whereas the issue really seems to be gpg's behaviour.
I think GPG probably wants to do something like: 1 GPG should understand about read-only keyrings. 2 Read/write keyrings should be checked for keys before read-only keyrings. 3 If a key in a read-only keyring is updated then the result should be written to a read/write keyring (which will then take precedence over the read-only one thanks to 2) Also possibly it should be reading all keyrings always for keys and combining them, which would allow the system keyring to be updated and users who've updated keys contained in it to automatically get more updates. Or maybe it should just look at read-only keyrings for a --recv-key. Having had a look at the bugs on gnupg I think 38857 and 48077 are worth a look. It's interesting that Werner Koch is saying in 38857 that the ability to have multiple keyrings will be dropped in the future, though this was back in 2005. J. -- "I will not send lard through the mail." - Bart's Blackboard This .sig brought to you by the letter C and the number 24 Product of the Republic of HuggieTag
signature.asc
Description: Digital signature

