Bug#458595: signing-party: caff doesn't offer control over cert-level

Tue, 01 Jan 2008 16:15:43 -0800 

Package: signing-party
Version: 0.4.9-1
Severity: normal
Tags: patch


The caff binary signs keys at the default cert-level. Since the program
is primarily targeted towards meetings where keys are verified with a
higher trust level, it probably makes sense to allow users to configure
the level at which they are signing the key.

I've created a patch to add a config option, default-cert-level, which
is used if it exists, and if it does not, the --ask-cert-level option is
passe to gpg instead, meaning that the signer is asked what level to
sign the key at.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages signing-party depends on:
ii  gnupg            1.4.6-2                 GNU privacy guard - a free PGP rep
ii  libgnupg-interfa 0.33-6                  Perl interface to GnuPG
ii  libmailtools-per 1.74-1                  Manipulate email in perl programs
ii  libmime-perl     5.420-0.1               Perl5 modules for MIME-compliant m
ii  libtext-template 1.44-1.1                Text::Template perl module
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent

Versions of packages signing-party recommends:
ii  libintl-perl                  1.16-1     Uniforum message translations syst
pn  libpaper-utils                <none>     (no description available)
ii  libtext-iconv-perl            1.4-3      converts between character sets in
ii  postfix [mail-transport-agent 2.3.8-2+b1 A high-performance mail transport 
ii  recode                        3.6-12     Character set conversion utility
ii  whiptail                      0.52.2-10  Displays user-friendly dialog boxe

-- no debconf information

Index: caff/caff
===================================================================
--- caff/caff   (revision 360)
+++ caff/caff   (working copy)
@@ -1094,6 +1094,11 @@
                foreach my $local_user (@local_user) {
                        my @command;
                        push @command, $CONFIG{'gpg-sign'};
+                       if (not defined $CONFIG{'default-cert-level'}) {
+                               push @command, "--ask-cert-level";
+                       } else {
+                               push @command, "--default-cert-level", 
$CONFIG{'default-cert-level'};
+                       }    
                        push @command, '--local-user', $local_user if (defined 
$local_user);
                        push @command, "--homedir=$GNUPGHOME";
                        push @command, '--secret-keyring', 
$CONFIG{'secret-keyring'};
Index: caff/caffrc.sample
===================================================================
--- caff/caffrc.sample  (revision 360)
+++ caff/caffrc.sample  (working copy)
@@ -14,6 +14,10 @@
 $CONFIG{'also-encrypt-to'} = [ qw{DE7AAF6E94C09C7F} ];
 $CONFIG{'caffhome'}    = $ENV{'HOME'}.'/.caff';
 
+# If you wish to set a default keysigning cert level, uncomment this option.
+# Otherwise, you will be asked what level to sign at for each key.
+# $CONFIG{'default-cert-level'} = 3;
+
 # The options below need not be changed for normal operation.
 
 # Paths to GnuPG binaries:

Reply via email to