Hi, Silvio Rhatto wrote (14 Mar 2014 20:43:23 GMT) : > I am looking for a sponsor for release 0.3.2-1 of "keyringer".
Great! Here's a quick code review of the changes since 0.2.9. I'm not convinced that the key expiry check does not introduce more severe regressions than it improves the UX. Let's see: * Does it support the case when I have multiple keys for a given recipient in my keyring, and e.g. one is expired, but the one that should be used is not? * It seems that all subkeys (regardless of their intended usage) must *not* be expired, else keyringer errors out. This won't work with people who change their encryption subkey on a regular basis, will it? * Why try to check this ourselves at all, while GnuPG will do it anyway (and likely in a more correct way)? > + candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e > '.asc$'`) This seems fragile to me. How about passing find something like '"-name "*$i*.asc"' instead? Same concerns in lib/keyringer/actions/find. > + echo "Could not find exact match \"$1\", please chose one of the > following secrets:" s/exact match/exact match for/ s/chose/choose/ > +Alis to clip action. >+: Alis to clip action. s/Alis/Alias/ > +If you're using debian `jessie` or `unstable`, just run s/debian/Debian/ > +# If you run it more than that interval, no canary will > +# be updated. "more than once in this time span", maybe? > +# - Can optinally be included in another git repository > +# (encrypted or plain+signed), commited and pushed Ask your preferred spell checker :) > +# - Then, add the following at your ~/.profile or wherever you want your > canary > +# be called from: "keyringer <keyring> canary". s/at your/to your/ It's unclear to me what "calling a canary" means in this context. Clarify? In a few places, s/GPG/GnuPG/ > + echo "Please check for this key or fix the recipient file." s/check for/retrieve this key yourself/, maybe? > + gpg --batch --refresh-keys "$recipient" I'm not sure this really does what you mean here. At least the GnuPG manpage does not talk about it. Perhaps use --recv-keys for better clarity? > + keyringer_exec git "$BASEDIR" gc --prune=all Potentially losing user's data feels quite wrong, in an action called "check", and documented as "Run maintenance checks in a keyring". > + echo "Fatal: please set the full GPG signature hash for key ID > $recipient:" I'm afraid "GPG signature hash" is unclear to most people. Just say "OpenPGP fingerprint" instead? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
