From: Andrew Engelbrecht <andrew@fsf.org>
Date: Tue, 9 Jul 2019 19:43:47 +0000 (-0400)
Subject: added warning about spam key sigs to script
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=77b92854643d833ccf78fb36aefa1a84cbd52ffc;p=fsf-keyring.git

added warning about spam key sigs to script
---

diff --git a/fsf-keyring.sh b/fsf-keyring.sh
index d11a8fe..e29c105 100755
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -64,6 +64,14 @@ done
 # note: this doesn't work with gpg2. i dunno what the equivalent is in
 # gpg2, likely just exporting all the keys.
 command gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
+echo
+echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
+echo
+echo "gpg2 --no-default-keyring --keyring=./fsf-keyring.gpg --list-sigs | less"
+echo
+echo "Press [enter] to continue."
+echo
+read
 gpg --sign ./fsf-keyring.gpg
 mv fsf-keyring.gpg.gpg fsf-keyring.gpg
 rm fsf-keyring.gpg~