* Is there a GnuPG library we can link against instead of execing gpg?
- Yes, there is PGG, but it is merely a wrapper around the GPG binary. A
very good wrapper, but it is hugely overweight for what we need.
Basically this may be a dead issue. Otherwise, we should probably start
using the --with-colon and --status-fd output for better parsing of
the verify and keyring output.
* Figure out how to integrate this more tigthly with the package tools
(apt, dpkg etc..).
* Expiry still needs to be handled.
* Add some more info to the verbose output.
STATUS: in progress
* Obviously this needs more code auditing.
- The code uses static buffers and length constrained functions (snprintf,
strncmp) where ever possible, but in some cases it might make sense to
switch them to dynamically allocated buffers instead.
* I18n and l10n.