added FIXMEs to the configuration documentation: there are some pieces that need...

diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index 847e8795ea4c53f0825a4f64262c761c5f364218..85b37c1ead976c6d86b0dca1e2e37dc95301722b 100644 (file)
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -3,6 +3,9 @@
 # This is an sh-style shell configuration file.  Variable names should
 # be separated from their assignements by a single '=' and no spaces.
 
+#FIXME: shouldn't this be in /var by default? These are not text
+#files, and they should generally not be managed directly by the
+#admin:
 # GPG home directory for server
 #GNUPGHOME=/etc/monkeysphere/gnupg
 
@@ -24,8 +27,17 @@
 # in /etc/monkeysphere/authorized_user_ids/%u
 #AUTHORIZED_USER_IDS="%h/.config/monkeysphere/authorized_user_ids"
 
+#FIXME: why is the following variable named USER_CONTROLLED_...?
+#shouldn't this be something like MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+#instead?  For example, what about a server where the administrator
+#has locked down the authorized_keys file from user control, but still
+#wants to combine raw authorized_keys for some users with the
+#monkeysphere?
+
 # Whether to add user controlled authorized_keys file to
 # monkeysphere-generated authorized_keys file.  Should be path to file
-# where '%h' will be replaced by the home directory of the user.
-# To not add any user-controlled file, put "-"
+# where '%h' will be replaced by the home directory of the user or
+# '%u' by the username.  To not add any user-controlled file, put "-"
+#FIXME: this usage of "-" contravenes the normal convention where "-"
+#means standard in/out.  Why not use "none" or "" instead?
 #USER_CONTROLLED_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"

diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index f2ba4a78c12c6b0e8377ac4d27da1d9e51d3ab4b..cce936665830de5992f40e37f5d47bbf84406481 100644 (file)
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -9,6 +9,8 @@
 # GPG keyserver to search for keys
 #KEYSERVER=subkeys.pgp.net
 
+# FIXME: consider removing REQUIRED_*_KEY_CAPABILITY entirely from
+# this example config, given our discussion
 # Required key capabilities
 # Must be quoted, lowercase, space-seperated list of the following:
 #   e = encrypt
@@ -25,9 +27,12 @@
 # Should be "true" or "false"
 #HASH_KNOWN_HOSTS=true
 
-# ssh authorized_keys file
+# ssh authorized_keys file (FIXME: why is this relevant in this file?)
 #AUTHORIZED_KEYS=~/.ssh/known_hosts
 
-# This overrides other environment variables
-# NOTE: there is leakage
-#CHECK_KEYRING=true
+# check keyservers at every ssh connection:
+# This overrides other environment variables (FIXME: what does this mean???)
+# NOTE: setting CHECK_KEYSERVER to true will leak information about
+# the timing and frequency of your ssh connections to the maintainer
+# of the keyserver.
+#CHECK_KEYSERVER=true