Make GnuPG configuration closer to the duraconf one
We should make good use of the great work done on https://help.riseup.net/en/security/message-security/openpgp/best-practices. The example configuration file lives in https://github.com/ioerror/duraconf.git.
Make GnuPG configuration closer to the best practices one (Closes: #7512).
Thanks to Emma Peel and Kill Your TV for the original patches.
The configuration comes straight from:
... modulo these changes:
- adjust ca-cert-file's location to match where we ship it; this will be fixed
later on this branch;
- have communication with keyservers go through Polipo (and in turn, through
the Tor SOCKS proxy); this is tracked by #7416.
The only removed since our previous configuration is no-auto-key-locate, as it's
actually the default setting.
#1 Updated by Dr_Whax over 5 years ago
- QA Check set to Ready for QA
There is a patch which can be found here: https://git-tails.immerda.ch/emmapeel/tails/commit/?h=feature/7512-Make-GnuPG-config-closer-to-duraconf&id=e8f2496e27f08f5d6c1ded13fe9f64066dc1deea
#11 Updated by intrigeri about 5 years ago
- % Done changed from 10 to 30
- Feature Branch changed from emmapeel:feature/7512-Make-GnuPG-config-closer-to-duraconf to feature/7512-Make-GnuPG-config-closer-to-duraconf-reworked
Code and design doc are done. Now needs to be tested:
- relevant parts of the automatic test suite
- incremental upgrades, if affected