Re: CVS commit: src/usr.bin/nbsvtool

[Joerg Sonnenberger <joerg%britannica.bec.de@localhost>]

On Mon, Jul 14, 2008 at 10:10:27PM +0200, Dieter Baron wrote:
> In article <20080714191059.GA5088%britannica.bec.de@localhost> Joerg wrote:
> : On Mon, Jul 14, 2008 at 08:55:45PM +0200, Dieter Baron wrote:
> : > attached is an updated version of the man page, please review.
> 
> : I'm considering to add a second argument for the sign command and
> : default to ${file}.sp7 otherwise. That would be consistent with verify.
> : Opinions?
> 
>   I would rahter specify the signature file as an option (-o or -s),
> for both sign and verify.  That way, we could specify more than one
> file to sign/verify (with the default signature file name).

For verify you can already do that. The second argument is optional.
The question is if sign should behave the same :)

> : >   - What is trusted if no trust anchor is given?
> 
> : Nothing.
> 
>   So is there any way for verify to succeed without a trust anchor?

That is right.

> Otherwise, -a is required for verify to make sense (and that should be
> noted in the man page, and probably enforced by the code).

Well, in the longer term we should have a default trust anchor. I did
not include that part from the original code from Love as needs a
decision where it should be, it needs care to not be changed randomly
etc. I think documenting it as such in the man page is the best approach
for now.

Joerg