| Subject: | Makefile.PL should not run "gpg --list-public-keys" |
When Module-Signature is built, its Makefile.PL runs
gpg --list-public-keys
which can have side effects for the installer, such as creating config
files:
Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...
gpg: directory `/Users/vinc17/.gnupg' created
gpg: new configuration file `/Users/vinc17/.gnupg/gpg.conf' created
gpg: WARNING: options in `/Users/vinc17/.gnupg/gpg.conf' are not yet
active during this run
gpg: keyring `/Users/vinc17/.gnupg/pubring.gpg' created
gpg: /Users/vinc17/.gnupg/trustdb.gpg: trustdb created
GnuPG found (/opt/local/bin/gpg).
Import PAUSE and author keys to GnuPG? [y] y
Importing... done.
Moreover if the installation is done via sudo (like in MacPorts), these
config files will belong to root, which is really wrong.
Also "gpg --list-public-keys" can also display a spurious warning if run
in C locales while the list contains non-ASCII characters.
I don't see how running this command can be useful. I suggest to remove the
and
defined `gpg --list-public-keys`
System: Mac OS X 10.4.11
Perl v5.8.8