Hi GnuPG folks, The current version of the FAQ recommends creating a revocation certificate at several places.
§ 7.17
"We recommend you create a revocation certificate immediately
after generating a new GnuPG certificate."
§ 8.5
"What should I do after making my certificate?
Generate a revocation certificate"
§ 10
"What are some common best practices?
[...] Generate a revocation certificate"
However, since GnuPG 2.1 a revocation certificate is now
automatically generated by GnuPG at the same time a new key pair
is created, and stored in $GNUPGHOME/openpgp-revocs.d.
Therefore the above recommendations should either be removed or at
the very least amended to explain that they are only necessary
with GnuPG < 2.1.
FWIW, I believe they should be removed completely. Rationale: It
has already been decided three years ago not to mention GnuPG 1.4
in the FAQ [1]. Since then, GnuPG 2.0 has been end-of-lifed and so
in my opinion should not be mentioned either. Thus the FAQ should
only focus on "modern" GnuPG (>= 2.1). And with modern GnuPG there
is no need to recommend to generate a revocation certificate.
On the same topic, the answer to the question "How do I generate a
revocation certificate?" (§ 8.5) should be amended to explain that
such a revocation certificate may already have been generated.
("May", because it is possible the user asking this question has
generated his or her key a long time ago, using an older version
of GnuPG.)
Comments are welcome.
Cheers,
Damien
[1] https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054172.html
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
