IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- It was possible to use `--allow-not-alive-certifier` and
`--allow-revoked-certifier` to force `sq pki certify` to use
expired and revoked certificates.
- Consistent with the principle that `sq` should support a lot, but
not everything, remove them.
- Fixes#365.
- Add and use a custom value parser for absolute directories with
explicit default for --home, --cert-store, and --key-store.
- If `default` is given, this parses to `None`. If an empty path is
given, a hint is displayed to give `default` instead.
- If a relative path is given, a hint is displayed to use an
absolute path instead.
- Fixes#299.
- When setting a certificate's expiration time, we update each user
ID's self signature. If a user ID is revoked, creating a new self
signature will "unrevoke it."
- Skip user IDs that are revoked.
- When setting a certificate's expiration time, we update the
direct key signature, and each user ID's self signature. This
fails if a user ID doesn't have a valid self signature.
- User IDs, however, don't need to be self signed! For instance, a
user ID may only have a third-party certification.
- Relax `sq key expire` to only add a self signature for a user ID,
if the user ID already has a self signature.
- Never call `exit`. If there is an error, propagate the error to
the caller. This ensures that any clean up handlers (like
flushing state to disk) are run.
- Changes the format to a certificate-centric view. I believe we
should present the data aligned with the OpenPGP concepts, and the
device tree structure, or where the secret key material resides,
is an implementation detail.
- Where the secret key material resides is an important detail that
we should still show, of course, but it shouldn't be the basis of
the structure we show.
- Incidentally, this greatly improves how user IDs are related to
certificates, and what happens if a subkey is bound to two
certificates. Hence, it fixes#334.
- In addition to the best user ID, we show key creation times to
help users differentiate between old and new keys.
- We print the fingerprints on a line on their own in preparation
for the considerably longer RFC 9580 fingerprints.
- We use data structures that naturally order their items, resulting
in a predictable output order.
- Fixes#292.
