# $Id: README 115 2004-03-25 07:24:53Z weasel $

See INSTALL for generic installation instructions.


HOMEPAGE

The homepage for the project is located here :

 http://www.palfrader.org/cabot/


CONFIGURING CABOT

After having installed, set up cabot. There are currently two
documented ways of doing this :

- in ca-bot-noroot.txt are instructions to set up cabot without root
  access (probably the prefered way).

- in cabot-micro-howto.txt are instructions to set up cabot with a
  dedicated system account.

See the ca-bot pot file for usage info and more.  Run

  ./configure && make ca-bot.txt

to get it in a more readable format.


HACKING ON CABOT

Those who'd like to change the cabot internals, or want to build cabot from a
fresh CVS tree, should refer to the file ./bootstrap .

The latest development version can be fetched with subversion :

 svn co svn://svn.debian.org/cabot/trunk/ cabot


SIMILAR PROJECTS

Other software automating keysigning tasks:

- Skami (for "Sign key and mail it) : http://alioth.debian.org/projects/skami

- Roland Mas's scripts, gpg-sync-keys (which allows you to get a
  key from a list of keyservers, or send it to them, or fetch all keys
  that have signed it), gpg-sign-and-check (which automates a bit of
  the long series of operations required to sign a key) and
  gpg-mail-signed-keys (which sends an email to all the people whose
  key you've signed on a particular date); see
  http://people.debian.org/~lolando/gpg-goodies/ .

(Tnx Roland Mas for pointers.)


SOME THOUGHTS

Some tools sent a key, signed on just one uid, to this uid, in an encrypted
message.  These tools do not sent a challenge.  These tools make sure only
_this_ uid is signed, and therefore have to clear the keyring after each
signing.

For both the cabot way, and this way, there are arguments:

Suppose we're signing a key with 7 uid's on it, with a typical user, who does
request key upload.  The cabot way: 8 emails are sent to the owner.  The owner
has to decrypt 7 messages, and reply 7 times.   The user can optionally import
her signed key sent to her keyring, sent in a last message.  The other way: 7
emails are sent to the owner.  The owner has to decrypt 7 messages, and upload
7 times (or import 7 times in her personal keyring, and upload once).

(Tnx Erich Schubert for comments.)

-- 
Joost van Baal

