1000 times easier to just do sa-update --nogpg - SpamAssassin

This is a discussion on 1000 times easier to just do sa-update --nogpg - SpamAssassin ; You know, it is a 1000 times easier to just do $ sa-update --nogpg than to try to figure our the right way from the messages that surround "channel: GPG validation failed, channel failed", or the sa-update man page, or ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: 1000 times easier to just do sa-update --nogpg

  1. 1000 times easier to just do sa-update --nogpg

    You know, it is a 1000 times easier to just do
    $ sa-update --nogpg
    than to try to figure our the right way from the messages that
    surround "channel: GPG validation failed, channel failed", or the
    sa-update man page, or writing this group and asking what to do. So
    there, the result is gpg is defeated.

    The cure is to have the error message to say
    "Do sa-update --import bbblllaaa", with the exact name it wants.

    I challenge you to figure it out just from the failure message to
    sa-update -D. One ends up lost reading
    http://www.gnupg.org/faq/subkey-cross-certify.html.

    It is 1000 times easier to just do
    $ sa-update --nogpg.


  2. Re: 1000 times easier to just do sa-update --nogpg

    On Sat, 6 Sep 2008, jidanni@jidanni.org wrote:

    > You know, it is a 1000 times easier to just do
    > $ sa-update --nogpg
    > than to try to figure our the right way from the messages that
    > surround "channel: GPG validation failed, channel failed", or the
    > sa-update man page, or writing this group and asking what to do. So
    > there, the result is gpg is defeated.
    >
    > The cure is to have the error message to say
    > "Do sa-update --import bbblllaaa", with the exact name it wants.
    >
    > I challenge you to figure it out just from the failure message to
    > sa-update -D. One ends up lost reading
    > http://www.gnupg.org/faq/subkey-cross-certify.html.
    >
    > It is 1000 times easier to just do
    > $ sa-update --nogpg.


    I don't have any issues using GPG. Instructions have ALWAYS been clear and
    when followed to the letter, have no issues.

    -d


  3. Re: 1000 times easier to just do sa-update --nogpg

    jidanni@jidanni.org wrote:
    > You know, it is a 1000 times easier to just do
    > $ sa-update --nogpg
    > than to try to figure our the right way from the messages that
    > surround "channel: GPG validation failed, channel failed", or the
    > sa-update man page, or writing this group and asking what to do. So
    > there, the result is gpg is defeated.
    >
    > The cure is to have the error message to say
    > "Do sa-update --import bbblllaaa", with the exact name it wants.
    >
    > I challenge you to figure it out just from the failure message to
    > sa-update -D. One ends up lost reading
    > http://www.gnupg.org/faq/subkey-cross-certify.html.
    >
    > It is 1000 times easier to just do
    > $ sa-update --nogpg.



    curl -o sa.gpg http://spamassassin.apache.org/updates/GPG.KEY
    echo "24F434CE" >> gpg.keys
    sa-update --import sa.gpg
    echo "updates.spamassassin.org" >> channel.list

    curl -o jm.gpg http://yerp.org/rules/GPG.KEY
    echo "6C6191E3" >> gpg.keys
    sa-update --import jm.gpg
    echo "sought.rules.yerp.org" >> channel.list

    curl -o sare.gpg http://daryl.dostech.ca/sa-update/sare/GPG.KEY
    echo "856AA88A" >> gpg.keys
    sa-update --import sare.gpg
    #echo "...." >> channel.list



    sa-update --gpgkeyfile gpg.keys --channelfile channel.list

    I see no gpg failure...


  4. Re: 1000 times easier to just do sa-update --nogpg

    At 14:10 05-09-2008, jidanni@jidanni.org wrote:
    >You know, it is a 1000 times easier to just do
    >$ sa-update --nogpg


    As it's 1000 times easier to disable the firewall to solve user issues.

    >than to try to figure our the right way from the messages that
    >surround "channel: GPG validation failed, channel failed", or the


    There is a reason the updates are signed. You can either try and
    figure out the right way or you can wait for someone to compromise
    one of the endpoints to deliver illegitimate updates.

    Regards,
    -sm


  5. Re: 1000 times easier to just do sa-update --nogpg

    SM wrote:
    > There is a reason the updates are signed. You can either try and figure
    > out the right way or you can wait for someone to compromise one of the
    > endpoints to deliver illegitimate updates.


    Pardon me for putting words in someone's mouth, but I got the impression
    that the original poster's point was not to advocate disabling signature
    checking, but to suggest that the error message should be more useful.

    --
    Kelson Vibber
    SpeedGate Communications


  6. Re: 1000 times easier to just do sa-update --nogpg

    >>>>> "K" == Kelson writes:

    K> Pardon me for putting words in someone's mouth, but I got the
    K> impression that the original poster's point was not to advocate
    K> disabling signature checking, but to suggest that the error message
    K> should be more useful.

    Yes, I'm saying instead of just letting sa-update fail with the generic GNU
    message and GNU hyperlink, setting the user off on a PhD Thesis effort
    of trying to figure out what to do, instead just detect the problem and print out:
    ----------------
    Hello, this is the sa-update program talking to you.
    We've detected a problem.
    You need to do
    $ wget http://spamassassin.apache.org/updates/GPG.KEY
    $ sa-update --import GPG.KEY
    and then run sa-update again. Thank you.
    ----------------
    Have that hardwired into the sa-update program, ready and waiting for
    the next time it fails. What could be wrong with that? You can even add:
    ----------------
    If that doesn't work, use sa-update --nogpg, and consult
    http://news.gmane.org/gmane.mail.spa...assin.general/ ...


  7. Re: 1000 times easier to just do sa-update --nogpg

    jidanni@jidanni.org wrote:

    > Yes, I'm saying instead of just letting sa-update fail with the generic
    > GNU message and GNU hyperlink, setting the user off on a PhD Thesis
    > effort


    Wow. Hyperbole much?

    --
    Sahil Tandon


  8. Re: 1000 times easier to just do sa-update --nogpg

    On 06/09/2008 4:09 PM, jidanni@jidanni.org wrote:
    > Yes, I'm saying instead of just letting sa-update fail with the generic GNU
    > message and GNU hyperlink, setting the user off on a PhD Thesis effort
    > of trying to figure out what to do, instead just detect the problem and print out:
    > ----------------
    > Hello, this is the sa-update program talking to you.
    > We've detected a problem.
    > You need to do
    > $ wget http://spamassassin.apache.org/updates/GPG.KEY
    > $ sa-update --import GPG.KEY
    > and then run sa-update again. Thank you.
    > ----------------
    > Have that hardwired into the sa-update program, ready and waiting for
    > the next time it fails. What could be wrong with that? You can even add:


    Patches welcome. Please keep in mind, when parsing the output of GPG,
    that the error text may be platform dependent. For instance, even
    getting the cross-signed key error is platform dependent.

    Daryl


  9. Re: 1000 times easier to just do sa-update --nogpg

    >> Hello, this is the sa-update program talking to you.
    >> We've detected a problem.
    >> You need to do
    >> $ wget http://spamassassin.apache.org/updates/GPG.KEY
    >> $ sa-update --import GPG.KEY
    >> and then run sa-update again. Thank you.


    DCWO> Patches welcome. Please keep in mind, when parsing the output of GPG,
    DCWO> that the error text may be platform dependent. For instance, even
    DCWO> getting the cross-signed key error is platform dependent.

    Well as I am more an expert in breakfast cereals than whatever that is
    all about, somebody else please write the patch. Thanks.


+ Reply to Thread