On 2016-08-01 18:09:00, Antoine Beaupré wrote:
> On 2016-08-01 18:01:41, Jerome Charaoui wrote:
>> On 2016-08-01 at 17:55, Antoine Beaupré wrote:
>>> On 2016-07-16 18:57:10, Jerome Charaoui wrote:
>>>> Alas, the previous patch is insufficient as monkeysign halts on a
>>>> KEYEXPIRED error which occurs later on, probably when it's attempting to
>>>> clean up uids.
>>>>
>>>> I'm pondering whether we should instead patch expect_pattern() to always
>>>> ignore KEYEXPIRED and SIGEXPIRED messages.
>>>>
>>>> Would this be detrimental in other keysigning scenarios?
>>>
>>> I don't know.
>>>
>>> I wonder if the simplest approach here would simply be to avoid
>>> exporting / importing expired material...
>>
>> That approach would indeed be simpler, however it would make monkeysign
>> useless when used on keys which have an expired subkey, which imo is not
>> an insignificant subset of keys.
>
> I meant filtering out expired subkeys.
>
>> Furthermore, according to GPG's own documentation, the KEYEXPIRED is not
>> a useful status message:
>> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=645814a4c1fa8e8e735850f0f93b17617f60d4c8;hb=refs/heads/STABLE-BRANCH-2-0#l367
>
> Madness. But yeah, this does seem to say KEYEXPIRED should be ignored...

Another approach here was implemented by the geysigning people, which
should be considered:

https://github.com/muelli/geysigning/commit/5d672f643b7399ce8ab34528ca3ec7a1b0eb5ffb

I wonder if that would be sufficient?

A.

--
The greatest crimes in the world are not committed by people breaking
the rules but by people following the rules. It's people who follow
orders that drop bombs and massacre villages.
                        - Bansky
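
The option raised in the thread, skipping KEYEXPIRED and SIGEXPIRED while waiting for an expected GnuPG status line, as an added example that is not part of the original messages and is not monkeysign's code. The names `expect_status` and `UnexpectedStatus` are hypothetical and the sample status lines are constructed.

```python
import re

STATUS_PREFIX = "[GNUPG:] "
# Keywords treated as informational, following the proposal in the thread.
IGNORED = frozenset({"KEYEXPIRED", "SIGEXPIRED"})

# Constructed sample of --status-fd output (timestamp is made up).
SAMPLE = [
    "gpg: some human-readable noise\n",
    "[GNUPG:] KEYEXPIRED 1420070400\n",
    "[GNUPG:] GET_LINE keyedit.prompt\n",
]


class UnexpectedStatus(Exception):
    """Raised when a status line is neither expected nor ignorable."""


def expect_status(lines, pattern, ignored=IGNORED):
    """Hypothetical helper: wait for a status line matching `pattern`.

    Returns (match, skipped), where `skipped` lists the ignored status
    lines so the caller can still log them. Any other status keyword
    seen before the expected one aborts, so only the named keywords
    are tolerated, not arbitrary unexpected output.
    """
    regex = re.compile(pattern)
    skipped = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.startswith(STATUS_PREFIX):
            continue  # not a machine-readable status line
        body = line[len(STATUS_PREFIX):]
        match = regex.match(body)
        if match:
            return match, skipped
        keyword = body.split(" ", 1)[0]
        if keyword in ignored:
            skipped.append(body)
            continue
        raise UnexpectedStatus(body)
    raise UnexpectedStatus("status output ended before %r" % pattern)


if __name__ == "__main__":
    m, skipped = expect_status(SAMPLE, r"GET_LINE keyedit\.prompt")
    print("matched:", m.group(0), "skipped:", skipped)
```

Passing `ignored=frozenset()` gives the strict behaviour in which a KEYEXPIRED line halts processing, which is the failure described at the top of the thread.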