grant-olson / rubygems-openpgp

This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.
http://www.rubygems-openpgp-ca.org

Something should happen with an INSECURE UNTRUSTED key #12

Closed grant-olson closed 11 years ago

grant-olson commented 11 years ago

Right now an unverified untrusted signature is treated the same as one that has been authenticated. This should change. What should we do?

Abort?

Prompt "Proceed anyway? Yes/No"?

More flags to enforce/unenforce behaviour?

grant-olson commented 11 years ago

0.4.0 released
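
The distinction the issue's opening comment asks for, as an added example (not part of the thread and not rubygems-openpgp's own code): a good signature from a key with no established trust is classified separately from an authenticated one, and the three proposed responses become a policy setting. It assumes verification is done with GnuPG and its `--status-fd` output is available; the `classify` and `decide` helpers, the `untrusted_policy` option and the sample status lines are all constructed for illustration.

```ruby
# Added example, not project code. Status lines are constructed; key IDs are placeholders.
TRUSTED = %w[TRUST_FULLY TRUST_ULTIMATE].freeze
BAD     = %w[BADSIG ERRSIG EXPSIG EXPKEYSIG REVKEYSIG].freeze

# Classify one signature check from GnuPG --status-fd text.
# Returns :authenticated, :untrusted or :invalid (fails closed).
def classify(status_output)
  keywords = status_output.each_line.map { |l| l[/\A\[GNUPG:\] (\S+)/, 1] }.compact
  return :invalid if (keywords & BAD).any?
  return :invalid unless keywords.include?("GOODSIG") && keywords.include?("VALIDSIG")
  return :authenticated if (keywords & TRUSTED).any?
  :untrusted # signature checks out, but the key is not tied to its claimed owner
end

# Hypothetical policy knob covering the issue's three options:
# :abort, :prompt (needs an explicit "yes"), or :allow.
def decide(classification, untrusted_policy: :abort, answer: nil)
  case classification
  when :authenticated then :install
  when :untrusted
    case untrusted_policy
    when :allow  then :install
    when :prompt then answer == "yes" ? :install : :abort
    else :abort
    end
  else :abort # :invalid or anything unexpected is never overridable
  end
end

GOOD_TRUSTED = <<~STATUS
  [GNUPG:] GOODSIG 0000000000000001 Constructed Signer <signer@example.org>
  [GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2013-01-01 1357000000
  [GNUPG:] TRUST_FULLY
STATUS
GOOD_UNTRUSTED = <<~STATUS
  [GNUPG:] GOODSIG 0000000000000002 Constructed Stranger <stranger@example.org>
  [GNUPG:] VALIDSIG 0000000000000000000000000000000000000002 2013-01-01 1357000000
  [GNUPG:] TRUST_UNDEFINED
STATUS
BAD_SIG = <<~STATUS
  [GNUPG:] BADSIG 0000000000000001 Constructed Signer <signer@example.org>
STATUS

if __FILE__ == $PROGRAM_NAME
  [GOOD_TRUSTED, GOOD_UNTRUSTED, BAD_SIG].each do |sample|
    c = classify(sample)
    puts "#{c}: default=#{decide(c)} allow=#{decide(c, untrusted_policy: :allow)}"
  end
end
```

Marginal trust and a missing trust line both fall into `:untrusted` here, so the default outcome for anything short of full trust is to abort.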