Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an API for getting signature trust? #19

Open
anishathalye opened this issue Sep 5, 2016 · 2 comments
Open

Add an API for getting signature trust? #19

anishathalye opened this issue Sep 5, 2016 · 2 comments

Comments

@anishathalye
Copy link
Collaborator

anishathalye commented Sep 5, 2016
edited
Loading

Right now, it's possible to use Module::Signature to check if a signature is valid, but there's no API to check if it's trusted. This can be a problem.

It seems that there is some check for this, but the check prints an error to stderr, so it's not particularly useful.

Ideally, the API of verify() itself would be designed differently, perhaps like GNOME Camel, but that could (and probably would) break existing applications. So I'm not sure what's the best way to go about improving this for better security.
@audreyt
Copy link
Owner

audreyt commented Sep 5, 2016

Thanks for the suggestion! I'll be happy to take pull requests, though I'm not actively developing this module for the foreseeable future.

@anishathalye
Copy link
Collaborator Author

Okay, cool. I don't have much free time in the near future (and also, I don't really write Perl), so maybe someone else will see this issue and can work on a fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@audreyt @anishathalye