GnuPG output is not very useful

Hello, all:

I’m not sure if it’s a misconfiguration on our part, but when GnuPG options
are enabled in RT, the UI output is not very useful. E.g., here’s what
it says for a valid signature:

GnuPG: The signature is good, signed by Foo Bar foo.bar@example.com,
trust level is unknown

Here are the reasons it’s not useful:

Key validity is not shown
I don’t really want to know the owner-trust level (more often than not
it’s going to be “unknown”). I want to see what the key validity is.
These two concepts are very different, but for signed email sent to the
tracker you want to see validity not owner-trust.

Key ID is not shown
“Foo Bar foo.bar@example.com” is not unique. Anyone can create a PGP
key with any name/email they want. What it should show is at least
partial hex keyid.

To clarify:

Each member of my support team is in the RT keyring with their keys
fully trusted (owner-trust: full). Users we support have their PGP key
signed by one of us, and a lot of incoming requests MUST be signed by a
PGP key carrying our signature before we act on them. So:

Me (trust:Full; validity:Full)
User Foo Bar, key signed by me (trust:Unknown; validity: Full)

The pgp output that would be really useful is:

GnuPG: Good signature from Foo Bar foo.bar@example.com
Key ID: 0xFFFFFFFF | Validity: Full | Trust: Unknown

I just wanted to check if there’s perhaps something we’ve overlooked in
the configuration that would let us make output resemble something like
that.

Best,
Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec

> I’m not sure if it’s a misconfiguration on our part, but when GnuPG options
> are enabled in RT, the UI output is not very useful. E.g., here’s what
> it says for a valid signature:
>
> GnuPG: The signature is good, signed by Foo Bar foo.bar@example.com,
> trust level is unknown
>
> Here are the reasons it’s not useful:
> [snip]
>
> I just wanted to check if there’s perhaps something we’ve overlooked in
> the configuration that would let us make output resemble something like
> that.

Nope; patches gladly accepted. You likely want to look around

- Alex
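
The following is an added example, not part of the thread and not RT's code. It derives the line requested in the first message from GnuPG's machine-readable output: the `TRUST_*` status lines report the signing key's validity, while owner trust is field 9 of the `pub` record in a `--with-colons` listing. The sample inputs are constructed, the function names are hypothetical, and it assumes the signature was made by the primary key rather than a subkey.

```python
# Constructed samples: the key ID, name and address are placeholders.
# STATUS mimics `gpg --status-fd 1 --verify` output for a good signature.
STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAABBBBFFFFFFFF Foo Bar <foo.bar@example.com>
[GNUPG:] TRUST_FULLY 0 pgp
"""
# COLONS mimics `gpg --with-colons --list-keys` for the same key:
# field 2 is validity ("f" = full), field 9 is owner trust ("-" = unknown).
COLONS = "pub:f:4096:1:AAAABBBBFFFFFFFF:1704067200:::-:::scESC:\n"

PREFIX = "[GNUPG:] "
# Despite the name, TRUST_* status lines give the validity of the signing key.
VALIDITY = {"TRUST_UNDEFINED": "Unknown", "TRUST_NEVER": "Never",
            "TRUST_MARGINAL": "Marginal", "TRUST_FULLY": "Full",
            "TRUST_ULTIMATE": "Ultimate"}
OWNER_TRUST = {"-": "Unknown", "q": "Undefined", "n": "Never",
               "m": "Marginal", "f": "Full", "u": "Ultimate"}


def owner_trust(colons, keyid):
    """Return the owner trust of primary key `keyid` from a colon listing."""
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) > 8 and fields[4] == keyid[-16:]:
            return OWNER_TRUST.get(fields[8], "Unknown")
    return "Unknown"  # key not in the listing, or signed by a subkey


def summarize(status, colons):
    """Build a display line with key ID, validity and owner trust."""
    keyid = signer = None
    validity = "Unknown"
    for line in status.splitlines():
        if not line.startswith(PREFIX):
            continue
        parts = line[len(PREFIX):].split(" ", 2)
        if parts[0] == "GOODSIG" and len(parts) == 3:
            keyid, signer = parts[1], parts[2]
        elif parts[0] in VALIDITY:
            validity = VALIDITY[parts[0]]
    if keyid is None:  # BADSIG, ERRSIG or no signature at all
        return "GnuPG: no good signature"
    return (f"GnuPG: Good signature from {signer}\n"
            f"Key ID: 0x{keyid[-8:]} | Validity: {validity} | "
            f"Trust: {owner_trust(colons, keyid)}")


if __name__ == "__main__":
    print(summarize(STATUS, COLONS))
```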