Merge commit 'dkg/master'

Conflicts: debian/changelog
author: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-08-15 15:04:53 -0700
committer: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-08-15 15:10:02 -0700
commit: 46586fc0f24e24166a52c2a0efb3e2ab838eea81 (patch)
tree: 4e1986278410f4e90e3a5ec70b11b10b14d67220 /website/bugs/list-id-certifiers-should-run-non-priv.mdwn
parent: cb05f332e617e346aa533d6dde02fb11c6148799 (diff)
parent: c9acc1237d8e21d74fe7070af1b061c888664e8b (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/website/bugs/list-id-certifiers-should-run-non-priv.mdwn b/website/bugs/list-id-certifiers-should-run-non-priv.mdwn
new file mode 100644
index 0000000..3cbd1af
--- /dev/null
+++ b/website/bugs/list-id-certifiers-should-run-non-priv.mdwn
@@ -0,0 +1,15 @@
+[[meta title="list-identity-certfiers should run as the non-privileged user"]]
+
+Right now, `monkeysphere-server list-identity-certifiers` runs as the
+superuser, and just lists the keys in the host's keyring.  This might
+not be the actual list of valid id certifiers, for a number of reasons:
+
+* the keys themselves might have been revoked by the owner
+
+* the id-certifiers might have been added with a different trust
+  level, or a regexp/domain limitation.
+
+It would make more sense to derive the list of trusted certifiers
+directly from the keyrings as seen by the non-privileged
+`monkeysphere` user, since this user's keyrings are what are going to
+judge the validity of various user IDs.
author	Jameson Graef Rollins <jrollins@phys.columbia.edu>	2008-08-15 15:04:53 -0700
committer	Jameson Graef Rollins <jrollins@phys.columbia.edu>	2008-08-15 15:10:02 -0700
commit	46586fc0f24e24166a52c2a0efb3e2ab838eea81 (patch)
tree	4e1986278410f4e90e3a5ec70b11b10b14d67220 /website/bugs/list-id-certifiers-should-run-non-priv.mdwn
parent	cb05f332e617e346aa533d6dde02fb11c6148799 (diff)
parent	c9acc1237d8e21d74fe7070af1b061c888664e8b (diff)