launchpad-dev team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

On Thursday 05 August 2010 20:01:19 Max Bowsher wrote:
> Some points:
> 
> 1) Some users will love this feature, because it provides a get-out for
> having a current GPG key with a silly user-id. However, some may find it
> annoying/surprising.
> 
> Plus, the current user experience when uploading to a PPA without a
> generated GPG key is very sub-optimal - your first upload is published
> unsigned, and the PPA is not signed until it is republished after key
> generation has finished.

We should probably delay publishing until there's a key generated.  The the 
reason we don't just generate a key when the PPA is opened is because we don't 
want to fill keyservers with junk keys.  Given your last comment in this email 
that sounds even more reasonable :)

> Therefore, this feature ought to at least be warned about in the PPA
> deletion confirm page - if not made optional.

Sounds sane.

> 2) Publishing a revocation is mutually contradictory with removing the
> key from the keyserver :-)

Yeah I realised that about 1 millisecond after hitting send :)

> 3) You can't remove a key from the global keyservers network - even if
> you remove it from one, they'll sync with each other, and re-propagate it.

Eugh. :/

Cheers
J