r114 - trunk

Peter Palfrader cabot-devel@lists.noreply.org
Wed, 24 Mar 2004 11:16:02 -0700 

Author: weasel
Date: 2004-03-24 11:15:58 -0700 (Wed, 24 Mar 2004)
New Revision: 114

Modified:
   trunk/TODO
Log:
Update TODO

Modified: trunk/TODO
===================================================================
--- trunk/TODO	2004-03-24 18:11:30 UTC (rev 113)
+++ trunk/TODO	2004-03-24 18:15:58 UTC (rev 114)
@@ -13,24 +13,19 @@
     everything given to ca-createsendout is a keyid.
   - Do away with outdated Revision variables, instead have a global
     version number.
-  o UID selection is broken when a key has revoked uids in dosign
-  o UIDs with special chars don't get selected in dosign
   - Write signing log for each signed UID/Key
   - have a general log
   - fail nicer if a challenge was answered twice
-  o check if key/uid is already signed
-  - put downloading and uploading of keys in the background
+  - put downloading and uploading of keys in the background,
+    or at least batch (#239801)
   - make it useable without additional system account
     (like use your own GNUPGHOME et al)
   - support more than one personal key
-  - optionally sign all keys in batch mode using command-fd
-
   - move getkeydir to shared Cabot.pm
     ca-recv and ca-dosign share a send_mail sub.  Shouldn't
     that get moved to Cabot.pm?  Or should we use a Mail module
     from CPAN?
                                            JvB, 2003-07-25
-
   - finish cabot-specific installation and setup instructions in
     README, after having done complete testing.
                                            JvB, 2003-07-25
@@ -38,74 +33,19 @@
     calling from .forward : MTA should decide wether error was
     temporarily or fatal.
                                            JvB, 2003-07-26
-
-  o BUG: Keys with high-bit ascii stuff in the id's comment make
-    the MAGIC verification fail.  High-bit stuff is replaced by
-    '_'.
-
-  - ca-dosign doesn't really clearly indicate an error in the MAGIC
+  - move texts out of ca-sendout.
+  - only send signed key to one address
+  - only send new signatures, not the entire key
+  o ca-dosign doesn't really clearly indicate an error in the MAGIC
     verification.  When all id's have failed to match the MAGIC,
     gpg asks: "Really sign all user IDs?".
     (I don't think that's an issue because we always have at least
      one matching UID, if the high-ascii bug is resovled -PP)
-
-  - move texts out of ca-sendout.
-
-------------------------------------------------------------------
-
->> Date: Tue, 29 Jul 2003 22:29:26 +0200
->> From: Ralf Treinen
->> Subject: Re: cabot (was: Re: PGP/GPG key exchange)
->> Message-ID: <20030729202926.GC1064@club-internet.fr>
->> 
->> Hi Joost, Peter,
-<snip>
->> The problem is that ca-dosign, when composing the arguments
->> to "gpg --edit", assumes that "gpg --list-keys" lists the uids
->> in the same order as "gpg --edit". However, this is not always
->> the case!
->> 
->> % gpg --list-keys ABCDEF01
->> pub  1024D/ABCDEF01 2001-12-13 John Doe <doe@example.org>
->> uid                            John Doe <chris.doe@gmx.de>
->> uid                            John Doe <john@users.example.net>
->> uid                            John Doe <john@example.org>
->> sub  1024g/7A4BE010 2001-12-13 [expires: 2006-12-12]
->> 
->> % gpg --edit ABCDEF01 quit
->> 
->> pub  1024D/ABCDEF01  created: 2001-12-13 expires: 2006-12-12 trust: -/-
->> sub  1024g/7A4BE010  created: 2001-12-13 expires: 2006-12-12
->> (1). John Doe <doe@example.org>
->> (2)  [revoked] John Doe <chris.doe@example.de>
->> (3)  John Doe <chris.doe@gmx.de>
->> (4)  John Doe <john@users.example.net>
->> (5)  John Doe <john@example.org>
->> 
->> The problem is that the revoked key appears in the editor. In this case,
->> since John replied to all challenges send, ca-dosign tries to sign the
->> first 4 uids. This fails on the second since it is revoked, but one
->> can easily construct another example where this even leads to a
->> signing of uid's for which the challenge has not been correctly
->> answered.
->> 
->> I guess you just have to obtain the list @allkeys by an invocation
->> of gpg --edit $keyid quit.
->> 
->> Cheers -Ralf.
->> 
-
-This should have been resolved. PP 09 2003
-
----------------------------------------------------------------------------
-
->> From: Erich Schubert
->> To: CA Bot Devel List <cabot-devel@lists.noreply.org>
->> Subject: Comment in cabot/README
->> Message-ID: <20030805143619.GA21832@bombadil.xmldesign.de>
->> Date: Tue, 5 Aug 2003 16:36:19 +0200
-
->> It would be nice if cabot would only send the own signatures to the
->> recipient to keep the mail size low.
-
-
+  o BUG: Keys with high-bit ascii stuff in the id's comment make
+    the MAGIC verification fail.  High-bit stuff is replaced by
+    '_'.
+  o check if key/uid is already signed
+  o UID selection is broken when a key has revoked uids in dosign
+  o UIDs with special chars don't get selected in dosign
+  X optionally sign all keys in batch mode using command-fd
+    Abandoned: use some agent stuff instead