Is there a way to browse the GPG web of trust?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Oct 9 14:09:46 CEST 2011


On 10/07/2011 11:56 PM, Jerome Baum wrote:
> On 2011-10-07 20:55, Aaron Toponce wrote:
>> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>>> Why at all does this tool use the human readable format?  I don't get
>>> it.
>>
>> Probably because the author of sig2dot(1) doesn't know better.
> 
> Why fix what's not broken?

I can pretty much guarantee that it is in fact broken, given the range
of possible User IDs and various --list-options that could be applied in
gpg.conf to affect the human-readable format.

I suppose it's possible that no one has actually hit a broken case, or
(more likely) that no one has bothered to report such a breakage.

Has anyone tried to use sig2dot with a User ID that contains an embedded
newline?  Or with show-notations or show-keyserver-urls or
show-uid-validity set in --list-options?

Anyone looking for a quick way to make a contribution to this corner of
the OpenPGP toolset could just permute these kinds of changes until you
can coax sig2dot into a bad state, and then file a bug report to the
upstream author suggesting the use of the machine-readable format (or
the perl module GnuPG::Interface, which uses the machine-readable format
already, and should handle most of the parsing for you).

Just because it currently works in the "normal" case doesn't mean it
behaves properly in all cases.

Hoping i'm wrong about sig2dot,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111009/cfccd87e/attachment-0001.pgp>


More information about the Gnupg-users mailing list