On 09/18/2013 10:35 PM, Doug Barton wrote: > The issue for me is the "cleanliness" and accuracy of my local key ring > (as I pointed out in a previous message in this thread). I don't like > what either CAFF or Pius do; leave signatures that I consider "bogus" on > my local copy of the key, or rely on the user to upload the signatures > so that I can get them back after a refresh.
It seems like either one or the other is likely to be the Right Thing to
do with any particular User ID.
Do you have any desired behavior to recommend as a middle ground?
Should caff or pius or monkeysign or similar tools ask the user during
signing about which of the e-mail-containing User IDs they are already
confident about somehow, and use that feedback from the user to either
(if confident) to store the new certifications in the user's main
keyring, or (if not confident) to require the round trip through the
keyservers? If this is what you want, how would you ask the user that
question in a comprehensible way for each User ID?
or is there some other approach you'd like to see happen?
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
