summaryrefslogtreecommitdiff
path: root/man/b4.5.rst
diff options
context:
space:
mode:
authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-11 15:41:32 -0400
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-11 15:41:32 -0400
commitcbf792796cdf7124d91f549e8f65f7da8a10d2e7 (patch)
tree9270b0fef9c4677f3e3d85b7937974ea485d3b7d /man/b4.5.rst
parent41f0167aa3eccff64a543d2adae4e9c7be64a7d5 (diff)
downloadb4-cbf792796cdf7124d91f549e8f65f7da8a10d2e7.tar.gz
Reimplement attestation-staleness-days
Looks like we lost this feature in the rewrite, so reimplement it again. This commit also removes obsolete configuration options and sets the default attestation check level at "softfail". Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'man/b4.5.rst')
-rw-r--r--man/b4.5.rst20
1 files changed, 4 insertions, 16 deletions
diff --git a/man/b4.5.rst b/man/b4.5.rst
index ee05675..583d6cc 100644
--- a/man/b4.5.rst
+++ b/man/b4.5.rst
@@ -232,25 +232,13 @@ Default configuration, with explanations::
# check: print an attaboy when attestation is found
# softfail: print a warning when no attestation found
# hardfail: exit with an error when no attestation found
- attestation-policy = check
+ attestation-policy = softfail
#
- # Fall back to checking DKIM header if we don't find any other
- # attestations present?
+ # Perform DKIM attestation?
attestation-check-dkim = yes
#
- # "gpg" (whatever gpg is configured to do) or "tofu" to force TOFU mode
- # If you don't already have a carefully maintained web of trust setup, it is
- # strongly recommended to set this to "tofu"
- attestation-trust-model = gpg
- #
- # How strict should we be when comparing the email address in From to the
- # email addresses in the key's UIDs?
- # strict: must match one of the uids on the key to pass
- # loose: any valid and trusted key will be accepted
- attestation-uid-match = loose
- #
# When showing attestation check results, do you like "fancy" (color, unicode)
- # or simple checkmarks?
+ # or simple markers?
attestation-checkmarks = fancy
#
# How long before we consider attestation to be too old?
@@ -281,4 +269,4 @@ Default configuration, with explanations::
SUPPORT
-------
Please email tools@linux.kernel.org with support requests,
-or browse the list archive at https://linux.kernel.org/g/tools.
+or browse the list archive at https://lore.kernel.org/tools.