Skip Menu |

This queue is for tickets about the Module-Signature CPAN distribution.

Report information
The Basics
Id: 41978
Status: resolved
Priority: 0/
Queue: Module-Signature

Owner: Nobody in particular
Requestors: vincent [...]

Bug Information
Severity: Important
Broken in: 0.55
Fixed in: (no value)

Subject: Makefile.PL should not run "gpg --list-public-keys"
When Module-Signature is built, its Makefile.PL runs gpg --list-public-keys which can have side effects for the installer, such as creating config files: Looking for GNU Privacy Guard (gpg), a cryptographic signature tool... gpg: directory `/Users/vinc17/.gnupg' created gpg: new configuration file `/Users/vinc17/.gnupg/gpg.conf' created gpg: WARNING: options in `/Users/vinc17/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/Users/vinc17/.gnupg/pubring.gpg' created gpg: /Users/vinc17/.gnupg/trustdb.gpg: trustdb created GnuPG found (/opt/local/bin/gpg). Import PAUSE and author keys to GnuPG? [y] y Importing... done. Moreover if the installation is done via sudo (like in MacPorts), these config files will belong to root, which is really wrong. Also "gpg --list-public-keys" can also display a spurious warning if run in C locales while the list contains non-ASCII characters. I don't see how running this command can be useful. I suggest to remove the and defined `gpg --list-public-keys` System: Mac OS X 10.4.11 Perl v5.8.8

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to