[SGVLUG] Gpg "goodies"

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Tue Jun 12 11:16:34 PDT 2007


In searching for ideas on syncing my public keyrings across all my
machines, I came across this directory:

http://people.debian.org/~lolando/gpg-goodies/

Some neat scripts in there -- in particular, "gpg-mail-signed-keys".
This will search your public keyring for any keys you signed "today" and
generate an e-mail to the key holder letting them know you signed it.
One thing, though, is that the e-mail indicates that you've "already
uploaded it to a number of key servers", I'm wondering what the
social/etiquette impact of this is -- should you take it upon yourself to
upload keys you've signed, or is it better to return the signed key for
the user to make their own choice on how & where to distribute the key?

I ask this because I have one key in particular from someone I know has
explicitly kept his key off of the keyservers (so far). I don't know the
exact reason he has chosen not to upload his key, but I'm willing to
respect his choices and actions and not upload it without his OK.

In any case, this looks like a neat "cron job" type thing to implement
-- maybe at 12:01 am set it to look for any keys signed "yesterday" and
blast out notifications.

(I'm also thinking that in the long run I'll set up client-side sync
scripts to sync with my main server, and that one in turn will send out
notifications for recent signatures...)
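
The "find the keys I signed on a given day" step of the cron job described above, as an added example that is not part of the original post and is not code from the gpg-goodies scripts. It assumes the listing comes from `gpg --list-sigs --with-colons --fixed-list-mode` (epoch timestamps), buckets days in UTC, and uses a constructed sample with made-up key IDs; it only reports matches and uploads nothing, so distribution stays with the key holder.

```python
from datetime import date, datetime, timezone

# Constructed sample of `gpg --list-sigs --with-colons --fixed-list-mode` output.
# Key IDs, names and timestamps are made up; 1111111111111111 stands for "my" key.
SAMPLE = """\
pub:u:2048:1:1111111111111111:1150000000:::u:::scESC:
uid:u::::1150000000::H1::Me <me@example.org>:
sig:::1:1111111111111111:1181610000::::Me <me@example.org>:13x:
pub:f:2048:1:AAAAAAAAAAAAAAAA:1150000000:::-:::scESC:
uid:f::::1150000000::H2::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1150000000::::Alice Example <alice@example.org>:13x:
sig:::1:1111111111111111:1181610000::::Me <me@example.org>:10x:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1150000000:::-:::scESC:
uid:f::::1150000000::H3::Bob Example <bob@example.org>:
sig:::1:1111111111111111:1181437200::::Me <me@example.org>:10x:
sig:::1:AAAAAAAAAAAAAAAA:1181610000::::Alice Example <alice@example.org>:10x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature classes


def keys_signed_on(listing, my_keyid, day):
    """Return {keyid: [uids]} for other people's keys my_keyid certified on `day` (UTC)."""
    my_keyid = my_keyid.upper()
    found = {}
    pub = uid = None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 11:
            continue
        if f[0] == "pub":
            pub, uid = f[4].upper(), None      # field 5: key ID of the key being listed
        elif f[0] == "uid":
            uid = f[9]                          # field 10: user ID string
        elif f[0] == "sig" and pub and uid:
            if f[4].upper() != my_keyid or pub == my_keyid:
                continue                        # not my signature, or my own self-signature
            if f[10][:2] not in CERT_CLASSES or not f[5].isdigit():
                continue                        # not a certification, or no epoch timestamp
            made = datetime.fromtimestamp(int(f[5]), tz=timezone.utc).date()
            if made == day and uid not in found.setdefault(pub, []):
                found[pub].append(uid)
    return found


if __name__ == "__main__":
    for keyid, uids in keys_signed_on(SAMPLE, "1111111111111111", date(2007, 6, 12)).items():
        print(keyid, uids)
```
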
