noting that list-identity-certifiers should be running as a non-privileged user.

author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-08-15 17:19:58 -0400
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-08-15 17:19:58 -0400
commit: c9acc1237d8e21d74fe7070af1b061c888664e8b (patch)
tree: 24f49d29e66c4ff04d7aacf754f34d99878f1141 /website
parent: 78fe687a40613136c72bf3fcf16939d4415d4a1c (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/website/bugs/list-id-certifiers-should-run-non-priv.mdwn b/website/bugs/list-id-certifiers-should-run-non-priv.mdwn
new file mode 100644
index 0000000..3cbd1af
--- /dev/null
+++ b/website/bugs/list-id-certifiers-should-run-non-priv.mdwn
@@ -0,0 +1,15 @@
+[[meta title="list-identity-certfiers should run as the non-privileged user"]]
+
+Right now, `monkeysphere-server list-identity-certifiers` runs as the
+superuser, and just lists the keys in the host's keyring.  This might
+not be the actual list of valid id certifiers, for a number of reasons:
+
+* the keys themselves might have been revoked by the owner
+
+* the id-certifiers might have been added with a different trust
+  level, or a regexp/domain limitation.
+
+It would make more sense to derive the list of trusted certifiers
+directly from the keyrings as seen by the non-privileged
+`monkeysphere` user, since this user's keyrings are what are going to
+judge the validity of various user IDs.
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2008-08-15 17:19:58 -0400
committer	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2008-08-15 17:19:58 -0400
commit	c9acc1237d8e21d74fe7070af1b061c888664e8b (patch)
tree	24f49d29e66c4ff04d7aacf754f34d99878f1141 /website
parent	78fe687a40613136c72bf3fcf16939d4415d4a1c (diff)