Page MenuHome GnuPG
Create Task
Maniphest T6769

Kleopatra: Improve warning on keyserver upload
Testing, NormalPublic
Actions

Description

When uploading a certificate via Kleopatra you always get the same warning text, regardless if its your own or another ones. And the keyserver setting is not taken into account either. If its a public keyserver or a local AD does make a difference, though.

Current text:

<para>When OpenPGP certificates have been exported to a public directory 
server, it is nearly impossible to remove them again.</para><para>Before 
exporting your certificate to a public directory server, make sure that you 
have created a revocation certificate so you can revoke the certificate if 
needed later.</para><para>Are you sure you want to continue?</para>

The warning about the revocation certificate probably obsolete for your own certificates, too, as it is automatically created on key generation nowadays.

Regarding text changes because of public keyserver via AD, there also is ticket T6663 in the context of certification.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA17bf41bf00ff Don't ask for confirmation when publishing to an LDAP server
rKLEOPATRAcfd8aee40a54 Don't ask for confirmation when publishing to an LDAP server
rKLEOPATRA44707150ad59 Don't ask for confirmation when publishing to an LDAP server

Related Objects

Event Timeline

ebo created this task.Oct 20 2023, 12:03 PM
aheinecke triaged this task as Normal priority.Oct 23 2023, 7:30 PM
aheinecke added a subscriber: aheinecke.

IMO for LDAP we should not warn at all. Because there it is possible to remove certificates.

I think that with the revocation should be kept. Because otherwise we would need to inform users where the revocation certificates are kept, so it is better if they save them themself. Although in the spirit of always providing the user with a clear next step I would like to see that the dialog offers a way to create a revocation certificate for a key for which a secret is available directly from the dialog.

so you can revoke the certificate if needed later.

Maybe change that to "if it is compromised, lost, or you forgot your password"

TBH I find the word "revocation" a bit hard to understand for laymen.

TobiasFella added a commit: rKLEOPATRA44707150ad59: Don't ask for confirmation when publishing to an LDAP server.May 13 2024, 3:25 PM
TobiasFella claimed this task.May 13 2024, 3:25 PM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
TobiasFella added a commit: rKLEOPATRAcfd8aee40a54: Don't ask for confirmation when publishing to an LDAP server.May 14 2024, 11:03 AM
ikloecker added a project: vsd33.Jun 7 2024, 2:12 PM
ikloecker added a subscriber: ikloecker.

backported for vsd33 to avoid conflicts with changes for T7076

ikloecker moved this task from Backlog to WiP on the vsd33 board.Jun 7 2024, 2:12 PM
ikloecker added a commit: rKLEOPATRA17bf41bf00ff: Don't ask for confirmation when publishing to an LDAP server.Jun 7 2024, 3:12 PM
TobiasFella changed the task status from Open to Testing.Aug 8 2024, 10:54 AM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 1 2024, 3:55 PM
ikloecker mentioned this in T7395: Prepare Release Notes for Gpg4win 4.4.0 for Kleopatra.Wed, Nov 13, 5:04 PM