5 files changed, 160 insertions, 24 deletions
diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn
new file mode 100644
index 0000000..c2908ad
--- /dev/null
+++ b/website/bugs/posix_compliance.mdwn
@@ -0,0 +1,9 @@
+It would be nice to make all of the Monkeysphere scripts POSIX
+compliant, for portability and light-weightedness.  Better POSIX
+compliance would probably at least be better for compatibility with
+o{ther,lder} versions of bash.  Unfortunately there are quite a few
+bashism at the moment, so this may not be trivial.  For instance:
+
+      servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
+      50
+      servo:~/cmrg/monkeysphere/git 0$ 
diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
index 65268c5..67bc9d2 100644
--- a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
+++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
@@ -22,3 +22,100 @@ be hiding a bug, rather than getting it fixed correctly.
 Are there other ways we can deal with this problem?
 
 --dkg
+
+Here is an example when using monkeysphere-server
+add-identity-certifier on a host with a newly-installed monkeysphere
+installaton.  Note that running the same command a second time works
+as expected:
+
+     0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+     gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+     gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+     gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+     gpg: failed to rebuild keyring cache: file open error
+     gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+     gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+     gpg: next trustdb check due at 2009-03-30
+     gpg: Total number processed: 1
+     gpg:               imported: 1  (RSA: 1)
+     Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver.
+     255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+     gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+     gpg: key D21739E9: "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" not changed
+     gpg: Total number processed: 1
+     gpg:              unchanged: 1
+
+     key found:
+     pub   4096R/D21739E9 2007-06-02 [expires: 2012-05-31]
+           Key fingerprint = 0EE5 BE97 9282 D80B 9F75  40F1 CCD2 ED94 D217 39E9
+     uid       [ unknown] Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+     uid       [ unknown] Daniel Kahn Gillmor <dkg@openflows.com>
+     uid       [ unknown] Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+     uid       [ unknown] Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+     uid       [ unknown] [jpeg image of size 3515]
+     sub   2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19]
+     sub   4096R/21484CFF 2007-06-02 [expires: 2012-05-31]
+
+     Are you sure you want to add the above key as a
+     certifier of users on this system? (y/N) y
+     gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+     gpg: Total number processed: 1
+     gpg:               imported: 1  (RSA: 1)
+     gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+     gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+     gpg: next trustdb check due at 2009-03-30
+     gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+     This is free software: you are free to change and redistribute it.
+     There is NO WARRANTY, to the extent permitted by law.
+
+
+     pub  4096R/D21739E9  created: 2007-06-02  expires: 2012-05-31  usage: SC  
+                          trust: unknown       validity: unknown
+     [ unknown] (1). Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+     [ unknown] (2)  Daniel Kahn Gillmor <dkg@openflows.com>
+     [ unknown] (3)  Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+     [ unknown] (4)  Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+     [ unknown] (5)  [jpeg image of size 3515]
+
+
+     pub  4096R/D21739E9  created: 2007-06-02  expires: 2012-05-31  usage: SC  
+                          trust: unknown       validity: unknown
+      Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75  40F1 CCD2 ED94 D217 39E9
+
+          Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+          Daniel Kahn Gillmor <dkg@openflows.com>
+          Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+          Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+          [jpeg image of size 3515]
+
+     This key is due to expire on 2012-05-31.
+     Please decide how far you trust this user to correctly verify other users' keys
+     (by looking at passports, checking fingerprints from different sources, etc.)
+
+       1 = I trust marginally
+       2 = I trust fully
+
+
+     Please enter the depth of this trust signature.
+     A depth greater than 1 allows the key you are signing to make
+     trust signatures on your behalf.
+
+
+     Please enter a domain to restrict this signature, or enter for none.
+
+
+     Are you sure that you want to sign this key with your
+     key "ssh://pip.fifthhorseman.net" (9B83C17D)
+
+     The signature will be marked as non-exportable.
+
+
+     gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+     gpg: failed to rebuild keyring cache: file open error
+     gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+     gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
+     gpg: depth: 1  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 1f, 0u
+     gpg: next trustdb check due at 2009-03-30
+
+     Identity certifier added.
+     0 pip:~# 
diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn
new file mode 100644
index 0000000..db087b4
--- /dev/null
+++ b/website/bugs/use_getopts_instead_of_getopt.mdwn
@@ -0,0 +1,4 @@
+Since Monkeysphere is using bash, it would be nice to use the shell
+build in getopts function, instead of the external getopt program.
+This would reduce an external dependency, which would definitely be
+better for portability.
diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn
deleted file mode 100644
index 62094bb..0000000
--- a/website/bugs/useful-information.mdwn
+++ /dev/null
@@ -1,24 +0,0 @@
-I would like to know, at INFO (default) log level, when the 
-monkeyspehere makes a "real" modification to my known_hosts file; that 
-is, when it adds or deletes a key.
-
-Apparently this is hard because monkeysphere is currently configured to 
-delete all keys and then add good keys, so a key added for the first 
-time seems to the monkeysphere very similar to a key re-added ten 
-seconds after last login.
-
-Still, from a UI perspective, I want to know what monkeysphere is doing.
-
-------
-
-It looks like jrollins committed a change for reporting at INFO level
-when a host key gets added by the monkeysphere:
-2459fa3ea277d7b9289945748619eab1e3441e5c
-
-When i connect to a host whose key is not already present in my
-known_hosts file, i get the following to stderr:
-
-    ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
-
-This doesn't fully close this bug, because we aren't notifying on key
-deletion, afaict.
diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn
new file mode 100644
index 0000000..025d678
--- /dev/null
+++ b/website/bugs/useful_information.mdwn
@@ -0,0 +1,50 @@
+I would like to know, at INFO (default) log level, when the 
+monkeyspehere makes a "real" modification to my known\_hosts file; that 
+is, when it adds or deletes a key.
+
+Apparently this is hard because monkeysphere is currently configured to 
+delete all keys and then add good keys, so a key added for the first 
+time seems to the monkeysphere very similar to a key re-added ten 
+seconds after last login.
+
+Still, from a UI perspective, I want to know what monkeysphere is doing.
+
+------
+
+It looks like jrollins committed a change for reporting at INFO level
+when a host key gets added by the monkeysphere:
+2459fa3ea277d7b9289945748619eab1e3441e5c
+
+When i connect to a host whose key is not already present in my
+known_hosts file, i get the following to stderr:
+
+    ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
+
+This doesn't fully close this bug, because we aren't notifying on key
+deletion, afaict.
+
+------
+
+So current log level DEBUG will output a message if the known host
+file has been modified.  If the issue is that you want to know at the
+default log level everytime the known\_hots file is modified, then we
+should just move this message to INFO instead of debug, and then maybe
+remove the message that I added above.  I was under the impression
+that the issue was more about notification that a *new* key was added
+to the known\_hosts file, and therefore the new INFO message above
+fixed that problem.  Should we do this instead?
+
+In general, more verbose log levels *do* tell the user what the
+monkeysphere is doing.  Moving to DEBUG log level will tell you pretty
+much everything that happens.  I do *not* think that this should be
+the default log level, though.
+
+------
+
+I wouldn't want to see an extremely verbose default log level.  But i
+do think that saying something like "key blah blah blah was stripped
+from your known\_hosts file because it was expired" (for example)
+would be useful.  I think this case would occur infrequently enough
+that it is worth reporting in the UI at the regular log level.
+
+  --dkg