* keyring.c (keyring_rebuild_cache): Comment.

* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.

3 files changed, 30 insertions, 14 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index a73f88836..51d111129 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+2003-08-12  David Shaw  <[email protected]>
+
+	* keyring.c (keyring_rebuild_cache): Comment.
+
+	* sign.c (mk_notation_and_policy): Making a v3 signature with
+	notations or policy urls is an error, not an info (i.e. increment
+	the errorcount).  Don't print the notation or policy url to stdout
+	since it can be mixed into the output stream when piping and munge
+	the stream.
+
 2003-08-02  David Shaw  <[email protected]>
 
 	* parse-packet.c (parse_signature): Don't give "signature packet
diff --git a/g10/keyring.c b/g10/keyring.c
index 57461a7ba..274684cbb 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1367,6 +1367,13 @@ keyring_rebuild_cache (void *token)
         {
           if (node->pkt->pkttype == PKT_SIGNATURE)
             {
+	      /* Note that this doesn't cache the result of a
+		 revocation issued by a designated revoker.  This is
+		 because the pk in question does not carry the revkeys
+		 as we haven't merged the key and selfsigs.  It is
+		 questionable whether this matters very much since
+		 there are very very few designated revoker revocation
+		 packets out there. */
               check_key_signature (keyblock, node, NULL);
               sigcount++;
             }
diff --git a/g10/sign.c b/g10/sign.c
index a7f601def..06d1db100 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -72,20 +72,25 @@ mk_notation_and_policy( PKT_signature *sig,
     args.pk=pk;
     args.sk=sk;
 
+    /* It is actually impossible to get here when making a v3 key
+       signature since keyedit.c:sign_uids will automatically bump a
+       signature with a notation or policy url up to v4, but it is
+       good to do these checks anyway. */
+
     /* notation data */
     if(IS_SIG(sig) && opt.sig_notation_data)
       {
 	if(sig->version<4)
-	  log_info(_("can't put notation data into v3 (PGP 2.x style) "
-		     "signatures\n"));
+	  log_error(_("can't put notation data into v3 (PGP 2.x style) "
+		      "signatures\n"));
 	else
 	  nd=opt.sig_notation_data;
       }
     else if( IS_CERT(sig) && opt.cert_notation_data )
       {
 	if(sig->version<4)
-	  log_info(_("can't put notation data into v3 (PGP 2.x style) "
-		     "key signatures\n"));
+	  log_error(_("can't put notation data into v3 (PGP 2.x style) "
+		      "key signatures\n"));
 	else
 	  nd=opt.cert_notation_data;
       }
@@ -125,23 +130,20 @@ mk_notation_and_policy( PKT_signature *sig,
 	m_free(buf);
     }
 
-    if(opt.show_notation)
-      show_notation(sig,0);
-
     /* set policy URL */
     if( IS_SIG(sig) && opt.sig_policy_url )
       {
 	if(sig->version<4)
-	  log_info(_("can't put a policy URL into v3 (PGP 2.x style) "
-		     "signatures\n"));
+	  log_error(_("can't put a policy URL into v3 (PGP 2.x style) "
+		      "signatures\n"));
 	else
 	  pu=opt.sig_policy_url;
       }
     else if( IS_CERT(sig) && opt.cert_policy_url )
       {
 	if(sig->version<4)
-	  log_info(_("can't put a policy URL into v3 key (PGP 2.x style) "
-		     "signatures\n"));
+	  log_error(_("can't put a policy URL into v3 key (PGP 2.x style) "
+		      "signatures\n"));
 	else
 	  pu=opt.cert_policy_url;
       }
@@ -164,9 +166,6 @@ mk_notation_and_policy( PKT_signature *sig,
 
 	m_free(s);
       }
-
-    if(opt.show_policy_url)
-      show_policy_url(sig,0);
 }