Re: [PATCH 2/2] t/t7510-signed-commit.sh: add signing subkey to Eris Discordia key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michał Górny <mgorny@xxxxxxxxxx> writes:

>> It's my understanding that GnuPG will use the most recent subkey
>> suitable for a particular purpose, and I think the test relies on that
>> behavior.  However, I'm not sure that's documented.  Do we want to rely
>> on that behavior or be more explicit?  (This is a question, not an
>> opinion.)
>
> To be honest, I don't recall which suitable subkey is used.  However, it
> definitely will prefer a subkey with signing capabilities over
> the primary key if one is present, and this is well-known and expected
> behavior.
>
> In fact, if you have a key with two signing subkeys A and B and it
> considers A better, then even if you explicitly pass keyid of B, it will
> use A.  To force another subkey you have to append '!' to keyid.
>
> Therefore, I think this is a behavior we can rely on.

I didn't check how the signing key configuration is done in the test
sript (which is outside the patch context), but do you mean that we
create these signed objects by specifying which key to use with a
keyid with "!"  appended?  If so I agree that would make sense,
because we would then know which subkey should be used for signing
and checking with %GF/%GP would be a good way to do so.

Thanks.



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux