phar-io / phive

The Phar Installation and Verification Environment (PHIVE)
https://phar.io
BSD 3-Clause "New" or "Revised" License

Validate the `--trusted-gpg-keys` option #324

Open oliverklee opened 3 years ago

oliverklee commented 3 years ago

This is a feature request.

My use case is like this:

When I run `phive install` on a CI system, PHIVE asks whether to import the relevant GPG keys, and then outputs the fingerprint of the key that is about to be imported. As I have trouble remembering the exact length of a long GPG key ID, I sometimes copy the wrong number of digits (and I started with the correct number of digits for short key IDs).

When I use this incorrect key for the `--trusted-gpg-keys` option, PHIVE currently does not provide any feedback that the provided key IDs are of incorrect length, but silently ignores the provided keys.

I'd like to suggest that PHIVE validate the provided trusted keys and output an error message if any key ID either is not a hex string or has a length different from that required for a long key ID or a fingerprint.
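One way to implement the requested check, shown here as an added PHP example that is not PHIVE's own code. It assumes the two accepted forms are a 16-hex-digit long key ID and a 40-hex-digit (v4) fingerprint; the class name and the sample input values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not PHIVE's code): validate the values passed to --trusted-gpg-keys
// and report every rejected value instead of silently ignoring it.
final class TrustedKeyIdValidator
{
    private const LONG_KEY_ID_LENGTH = 16;   // "long" key ID: low 64 bits of the fingerprint
    private const V4_FINGERPRINT_LENGTH = 40; // full v4 fingerprint (160-bit SHA-1)

    /**
     * @param string[] $keyIds raw values from the command line
     * @return array{valid: string[], errors: string[]} normalized (uppercase) IDs and one message per rejected value
     */
    public function validate(array $keyIds): array
    {
        $valid = [];
        $errors = [];
        foreach ($keyIds as $raw) {
            // Accept the forms gpg itself prints: grouped with spaces and/or a 0x prefix.
            $normalized = strtoupper(preg_replace('/^0x|\s+/i', '', trim($raw)));
            if ($normalized === '' || !ctype_xdigit($normalized)) {
                $errors[] = sprintf('"%s" is not a hexadecimal key ID', $raw);
                continue;
            }
            $length = strlen($normalized);
            if ($length === self::LONG_KEY_ID_LENGTH || $length === self::V4_FINGERPRINT_LENGTH) {
                $valid[] = $normalized;
                continue;
            }
            // Covers the reporter's case (a digit too few or too many) and 8-digit short IDs,
            // which are too short to identify a key unambiguously and so are not accepted.
            $errors[] = sprintf(
                '"%s" has %d hex digits; expected %d (long key ID) or %d (fingerprint)',
                $raw, $length, self::LONG_KEY_ID_LENGTH, self::V4_FINGERPRINT_LENGTH
            );
        }
        return ['valid' => $valid, 'errors' => $errors];
    }
}

// Constructed sample input: a valid long ID, a long ID missing one digit,
// a fingerprint as gpg prints it (grouped), a short ID, and a non-hex string.
$result = (new TrustedKeyIdValidator())->validate([
    'ABCDEF0123456789',
    '0xABCDEF012345678',
    '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567',
    '89ABCDEF',
    'not-a-key',
]);
foreach ($result['errors'] as $error) {
    fwrite(STDERR, "Error: {$error}\n");
}
echo 'Trusted keys: ' . implode(', ', $result['valid']) . PHP_EOL;
```

Run with `php validate.php`; the first and third values are accepted, the other three each produce a specific error line on stderr.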

theseer commented 3 years ago

Sounds like a good idea to me.