added warning about spam key sigs to script

author Andrew Engelbrecht <andrew@fsf.org>

Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)

committer Andrew Engelbrecht <andrew@fsf.org>

Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)
author Andrew Engelbrecht <andrew@fsf.org>
Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)
committer Andrew Engelbrecht <andrew@fsf.org>
Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)
diff --git a/fsf-keyring.sh b/fsf-keyring.sh

index d11a8fec3a38a2b9343bc5406e11216c4aba954a..e29c105042c300aaa64d9f747902c614e1379905 100755 (executable)
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -64,6 +64,14 @@ done
  # note: this doesn't work with gpg2. i dunno what the equivalent is in
  # gpg2, likely just exporting all the keys.
  command gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
+echo
+echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
+echo
+echo "gpg2 --no-default-keyring --keyring=./fsf-keyring.gpg --list-sigs | less"
+echo
+echo "Press [enter] to continue."
+echo
+read
  gpg --sign ./fsf-keyring.gpg
  mv fsf-keyring.gpg.gpg fsf-keyring.gpg
  rm fsf-keyring.gpg~
author	Andrew Engelbrecht <andrew@fsf.org>
	Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)
committer	Andrew Engelbrecht <andrew@fsf.org>
	Tue, 9 Jul 2019 19:43:47 +0000 (15:43 -0400)