Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate the --trusted-gpg-keys option #324

Open
oliverklee opened this issue Jul 27, 2021 · 1 comment
Open

Validate the --trusted-gpg-keys option #324

oliverklee opened this issue Jul 27, 2021 · 1 comment
Labels
enhancement

Comments

@oliverklee
Copy link
Contributor

This is a feature request.

My use case is like this:

When I run phive install on a CI system, PHIVE asks whether to import the relevant GPG keys, and then outputs the fingerprint of the key that is about to imported. As I have trouble remembering the exact length of a long GPG key ID, I sometimes copy the wrong number of digits (and I started with the correct number of digits for short key IDs).

When I use this incorrect key for the --trusted-gpg-keys option, PHIVE currently does not provide any feedback that the provided key IDs are of incorrect lengths, but silently ignores the provided keys.

I'd like to suggest that PHIVE validated the provided trusted keys and outputs an error messages if any key ID either is not a hex string or has a length different than that required for a long key ID or a fingerprint.
@theseer
Copy link
Member

theseer commented Jul 27, 2021

Sounds like a good idea to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@theseer @oliverklee