Re: [GIT PULL] first round of SCSI updates for the 6.7+ merge window
From: Linus Torvalds
Date: Thu Jan 11 2024 - 18:51:03 EST
On Thu, 11 Jan 2024 at 15:28, James Bottomley
<James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> You installed the special "make it even harder to use" version didn't
> you?
We call that the standard version. Because "harder to use" comes with
the base package.
You have the same one:
> Because for me (gpg 2.4.3) it gives
>
> jejb@lingrow:~> gpg --list-key E76040DB76CA3D176708F9AAE742C94CEE98AC85
> pub rsa2048 2011-09-23 [SC] [expires: 2026-03-11]
> D5606E73C8B46271BEAD9ADF814AE47C214854D6
> uid [ultimate] James Bottomley
> <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxxxxxxx>
> uid [ultimate] James Bottomley <jejb@xxxxxxxxxx>
> uid [ultimate] [jpeg image of size 5254]
> uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxx>
> uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxxxxxxxxxx>
> sub nistp256 2018-01-23 [S] [expires: 2024-01-16]
> sub nistp256 2018-01-23 [E] [expires: 2024-01-16]
> sub nistp256 2023-07-20 [A] [expires: 2024-01-16]
Look closer.
NOWHERE there does it mention E76040D.. Nowhere.
Really.
Yeah, it says that a key that I didn't even ask for has subkeys. It
doesn't say what those subkeys are, nor does it say which one matches
the one I actually asked for.
Yes, you clearly have Stockholm syndrome and think that this is all
normal and exactly what you would expect to see.
I happen to think it's unbelievable garbage, and I think subkeys are
something that makes gpg even harder to use than it would otherwise
be.
Here's a clue: if I ask "ls" to show a file, do you think it would be
ok if "ls" instead said "here's the directory the file is in, and here
are the dates of all the files inside that directory"?
Or would you say that such a program is crap? Honestly now...
And the above is actually being *generous* to gpg. The reality is even
worse. Try this:
gpg --list-key 37AAA9562C5CBD0C
and notice how it doesn't even list the subkey I asked about. Not even
with '--with-subkey-fingerprint'.
And no, I'm not just making up particularly bad examples. This is the
reality I deal with all the time when people use expiration dates on
their keys.
The above "show my the key" is *literally* the key you used a decade ago:
git show --oneline --show-signature 233ba2c5ffcf
and this is (one of millions) reason why I despise gpg and subkeys in
particular. That key was valid at the time, and as far as I know
there's no way for git to say "was it expired at the time", so now all
those signatures flag as invalid.
Plus the "--list-key" thing NOT EVEN SHOWING THE KEY I ASKED FOR.
Christ.
Ok, I'm over it now. I just wanted to rant about my least favourite
program ever, and how you trigger all the worst parts of it.
Linus