bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#57091: Git authentication reports subkey fingerprints

From: Ludovic Courtès
Subject: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 12:24:23 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) 
Hi,

Maxime Devos <maximedevos@telenet.be> skribis:

> On 09-08-2022 23:07, Ludovic Courtès wrote:
>> Hello,
>>
>> As Tobias explains at
>> <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html>  and
>> as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix
>> git-authenticate) machinery reports the fingerprint of subkeys on
>> signatures (when subkeys are used) rather than the fingerprint of
>> primary keys.
>>
>> This should be changed to report primary keys, at least optionally.
>
> Why should it be changed? IIUC .guix-authorizations and (guix ...)
> care about the key that things were signed with, not necessarily the
> primary key, so it seems to me that it needs to report the subkey
> fingerprint, not the fingerprint of the primary key it belongs to, as
> the primary key is irrelevant to them IIUC.

Yes, I kinda agree, but…  the motivation here is that OpenPGP user
interfaces don’t normally refer to subkey fingerprints; instead they
refer to primary key fingerprints, even if you use a subkey, which is
the point of subkeys AIUI.  That Guix treats subkeys differently is
confusing to seasoned OpenPGP users.

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]