GPG key adding - emails confusing

Asked by Morgan Collett on 2005-06-15

I added my GPG key

I added my GPG key. The primary UID email address was not registered in my foaf account but the other email addresses were.

So it added the new email address to my account and sent me the email.

The confusing part is that some pages - and the email - referred to validating my email address, and other pages refer to the GPG key, so it leaves me unsure as to whether the GPG key has been processed - the last page in the process said only "Email validated successfully". I had to go back to +editgpgkey to see if it was there or not.

Question information

English Edit question
Launchpad itself Edit question
No assignee Edit question
Last query:
Last reply:

This question was originally filed as bug #1032.

Celso Providelo (cprov) said : #1

The first situation could be a real bug, I'll verify it soon and let you know.
The other is related with "what is an GPG UID beyond a new email address ?", I can't see a reason to treat it different, but maybe it lacks some feedback when it includes your GPG key entry, which basically is done when you validade one of its UIDs.

Morgan Collett (morgan) said : #2

When I'm adding a GPG key, what I care about at that moment is the GPG key. I want clear indication that adding it either succeeded, or has not happened yet. Adding the email address is part of the process, I can see that - but when the email address is added, I'd like to see that the key is there. Perhaps simply redirecting back to /people/me/+editgpgkey would do the trick, since I can see it there. Also, that is where I started so it makes sense to leave me there at the end.

Celso Providelo (cprov) said : #3

I see your point, but you can't be redirect from "validating token" to "editing gpg", since the last requires Edit permission. Something trick would be to include this feedback information in own "validade token" page. Anyway, the current workflow should support the validation of a key which have all its UID already validade inside Launchpad. this can be done by sending the email containing the token to the preferredemailand also sending encrypted email, which I'm working on.

Christian Reis (kiko) said : #4

> I see your point, but you can't be redirect from "validating token"
> to "editing gpg", since the last requires Edit permission.

I don't see why this is a problem -- the user has Edit permission for his own key. Am I confused?

Celso Providelo (cprov) said : #5

Suppose the normal workflow:
 * browser closed (not logged in LP), the user figured out he has new email
 * reading that email, the user click in the link,
 * browser open the page "validade you UID"
 * the user types the LP pass to validade, click OK
 * LP redirects him to user/+editgpgkey,
 * LP redirects him to +login because he isn't authenticated yet.
 * the user needs to type login/"same pass" again.

So, Redirect from an unauthenticated page as token/key to <user>/+editgpgkey might require user to type his password again, the same was typed for validate the token. It's just /ugly/ from my point of view ... Adding more GPG info than "number of imported keys" to Person Overview can satisfy your suggested workflow, then we can redirect to people/<user> . What do you think ?

Celso Providelo (cprov) said : #6

Morgs, please check if the current versions offers the information/hints you were looking for when validating a GPG Key, since you 've already validated your key, the workflow will be kind of compromised, you need to deactivate and revalidate you key, and you will pass through a similart workflow.

Celso Providelo (cprov) said : #7

Morgs, I'm very interested in close this bug ;) could you provide the required feedback ?

Morgan Collett (morgan) said : #8

Hey Cprov,

Much much better. I'm happy :)


ethernet (lenski169) said : #9

linksys eg1032 for 9.04 jaunty driver

Seems solved, so setting status appropriately.