[pacman-dev] [PATCH 1/5] pacman-key: keyring management tool

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Wed Sep 22 13:06:14 EDT 2010

On Mon, Sep 20, 2010 at 3:10 PM,  <guillaume at alaux.net> wrote:
> OK so hopefully this one will work nicely...

Yes, it is very good. I just would like to extend some parts, which go below:

> === PATCH ===
> +*-a*, *\--add* 'file ...'::
> +       Add the key(s) contained in 'file'(s) to pacman's keyring. If a key already exists, update it.

I'm trying to make the script work with standard input, as gpg does.
But I'm having some trouble with parameter expansion when a file name
has spaces. I'll check the man page for bash, I remember there's
something about that.

> +*\--help*::
> +       Displays this message
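
Review bot: "Displays" in the \--help description is third person, while the other entries in this patch use the imperative ("Add", "Fetch", "Set"); use "Display" so the option list reads consistently.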

It wouldn't be exactly _this_ message :) Maybe the text could be:
"Display short usage instructions" or something like that.

> +*-r*, *\--receive* 'keyserver' 'keyid ...'::
> +       Fetch the 'keyid'(s) from the specified 'keyserver' URL
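
Review bot: the \--receive description says nothing about checking what was fetched. Add a sentence telling the reader to verify the fingerprint of a received key before giving it a trust level with \--trust, and say which forms of 'keyid' are accepted.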

This operation will import also signatures that the keyid may have on
the keyserver. For example: if you have my public key and Allan signs
it in a public key server, if you receive my key with that command,
you'll get also the signature from Allan, saying that he trusts my
key. So, if you trust Allan's key, maybe my key will be also trusted.
It will depend on the minimum number of marginal or fully trusted
signatures that are needed to transfer trust. Don't know if it is important
to add that to the text.

> +*-t*, *\--trust* 'keyid'::
> +       Set the trust level of the given key
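
Review bot: the \--trust synopsis takes only 'keyid', with no argument for the level, so "Set the trust level" does not tell the reader how the level is chosen. State how it is selected and list the accepted levels. Unlike \--add and \--receive, the synopsis also takes a single key rather than a list, which is worth saying explicitly.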

That operation will call gpg in interactive mode. After entering that
mode, the user must do the following:

1. Check if the fingerprint shown is really the one he is trying to
trust. This is paramount for the correct working of gpg.
2. Type 'trust' and press enter to start the trusting process
3. Choose the level of trust:
  3.1. Marginal: this means that you trust, but not so much. A key
marginally trusted will contribute with other marginally trusted keys
to transfer trust to new keys.
  3.2. Fully: this means that you trust a lot. In the default
configuration, this level transfers trust to other keys signed by it
without the need of other trusted keys.
  3.3. Ultimately: this means the key is as trusted as your own. Keys
signed with this key will be trusted also.
4. Type 'quit' to get out of the interactive mode

> +*-u*, *\--updatedb*::
> +       Equivalent to \--check-trustdb in GnuPG
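
Review bot: the \--updatedb description only points at GnuPG's \--check-trustdb, so the reader has to open the gpg man page to learn what the option does. Add one sentence describing its effect on the trust database in pacman-key's own terms.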

We could explain that this operation is not really needed and is
executed automatically whenever a new key is added or removed.

A: Because it obfuscates the reading.
Q: Why is top posting so bad?

Denis A. Altoe Falqueto
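
The trust transfer discussed in the message above (marginal versus full trust, and how many signatures are needed), as an added example that is not part of the original post or of pacman-key. It is a simplified model, not gpg's code: the thresholds assume GnuPG's defaults (`--completes-needed 1`, `--marginals-needed 3`), the key names and signatures are constructed, and certification depth, expiry and revocation are ignored.

```python
# Simplified web-of-trust model (added example, not gpg or pacman-key code).
# Assumed thresholds: GnuPG defaults --completes-needed 1, --marginals-needed 3.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3

def valid_keys(ownertrust, signatures,
               completes=COMPLETES_NEEDED, marginals=MARGINALS_NEEDED):
    """Return the set of keys considered valid.

    ownertrust: key -> "ultimate" | "full" | "marginal" (absent = unknown)
    signatures: iterable of (signer, signed_key) pairs
    """
    signatures = set(signatures)  # a signer counts once per signed key
    # Ultimately trusted keys (your own) are valid by definition.
    valid = {k for k, level in ownertrust.items() if level == "ultimate"}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        candidates = {signed for _, signed in signatures} - valid
        for key in candidates:
            full = marginal = 0
            for signer, signed in signatures:
                # Only signatures made by already-valid keys count.
                if signed != key or signer not in valid:
                    continue
                level = ownertrust.get(signer)
                if level in ("ultimate", "full"):
                    full += 1
                elif level == "marginal":
                    marginal += 1
            if full >= completes or marginal >= marginals:
                valid.add(key)
                changed = True
    return valid

# Constructed sample data: "me" is the local user's own key.
SIGS = [("me", "allan"), ("allan", "denis"),
        ("me", "m1"), ("me", "m2"), ("me", "m3"),
        ("m1", "pkg"), ("m2", "pkg")]

def scenario(allan_level, extra_sigs=()):
    """Validity set for a given owner trust on Allan's key."""
    trust = {"me": "ultimate", "allan": allan_level,
             "m1": "marginal", "m2": "marginal", "m3": "marginal"}
    return valid_keys(trust, SIGS + list(extra_sigs))
```

With Allan's key fully trusted, his signature alone makes "denis" valid; with marginal trust it does not, and "pkg" stays invalid until a third marginally trusted key signs it.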
