added some details to multipe gpg keys issue

author: Arnaud Bailly <arnaud.oqube@gmail.com> 2014-11-12 00:37:53 +0800
committer: Joey Hess <joey@kitenet.net> 2014-11-11 13:30:32 -0400
commit: 4c19e8407dc80bea9f3fd9559338bbc68ee0678d (patch)
tree: e8e752ca6b3597a9c988986324da600ae0d776af /doc
parent: 51cb668e5caf482698bba34c52eaf10a604b1752 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/doc/todo/multi_gpg_key_privdata.mdwn b/doc/todo/multi_gpg_key_privdata.mdwn
index 754aa7e9..1d9b05a4 100644
--- a/doc/todo/multi_gpg_key_privdata.mdwn
+++ b/doc/todo/multi_gpg_key_privdata.mdwn
@@ -1,6 +1,11 @@
 To support multiple gpg keys added with --add-key, propellor should
 
 * When it encrypts the privdata after a change, encrypt it to all keys
-  listed in `privdata/keyring.gpg`
+  listed in `privdata/keyring.gpg`. See [this
+  post](http://laurent.bachelier.name/2013/03/gpg-encryption-to-multiple-recipients/)
+  explaining why and how encryption with multiple recipients work. 
 * When --add-key adds a new key, it should re-encrypt the privdata,
   so that this new key can access it.
+* When --add-key on behalf of another user, do not modify the signing key for
+  local git. This entails either splitting this command in two, `--add-key` and
+  `--set-signing-key`, or adding another command `--add-foreign-key`.
author	Arnaud Bailly <arnaud.oqube@gmail.com>	2014-11-12 00:37:53 +0800
committer	Joey Hess <joey@kitenet.net>	2014-11-11 13:30:32 -0400
commit	4c19e8407dc80bea9f3fd9559338bbc68ee0678d (patch)
tree	e8e752ca6b3597a9c988986324da600ae0d776af /doc
parent	51cb668e5caf482698bba34c52eaf10a604b1752 (diff)