[Pkg-gnupg-maint] Bug#574915: gnupg: gpg misinterprets under-implemented keyservers as empty, misreports search results to users

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Mar 22 04:42:47 UTC 2010 

Package: gnupg
Version: 1.4.10-2
Severity: normal

keyring.debian.org currently offers a limited subset of HKP, covering
only gpg's --send and --recv options. --search is not implemented, as
is apparent from the HTTP 406 return code and message returned from
searches like the following:

http://keyring.debian.org/pks/lookup?op=index&options=mr&search=dkg&exact=on

(HTTP 406 means "Not Acceptable", which itself seems like it might be
slightly misapplied [0]).

However, gpg seems to think that the search was simply empty, rather
than a particular failure:

0 dkg at pip:~$ gpg --keyserver keyring.debian.org --search dkg
gpg: searching for "dkg" from hkp server keyring.debian.org
gpg: key "dkg" not found on keyserver
0 dkg at pip:~$ 

when in fact, there is a key "dkg" on the keyserver; it's just the
search query that isn't implemented.

While implementing this functionality on keyring.debian.org would be
nice, it'd also be nice to have gpg report this as an error state to
the user so they don't get confused and think the keyserver simply
doesn't hold a matching key.

        --dkg

[0] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.7

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg depends on:
ii  dpkg                    1.15.5.6         Debian package management system
ii  gpgv                    1.4.10-2         GNU privacy guard - signature veri
ii  install-info            4.13a.dfsg.1-5   Manage installed documentation in 
ii  libbz2-1.0              1.0.5-4          high-quality block-sorting file co
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libreadline5            5.2-7            GNU readline and history libraries
ii  libusb-0.1-4            2:0.1.12-14      userspace USB programming library
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages gnupg recommends:
ii  gnupg-curl                    1.4.10-2   GNU privacy guard - a free PGP rep
ii  libldap-2.4-2                 2.4.17-2.1 OpenLDAP libraries

Versions of packages gnupg suggests:
pn  gnupg-doc                 <none>         (no description available)
ii  imagemagick               7:6.5.8.3-1+b1 image manipulation programs
ii  libpcsclite1              1.5.5-3        Middleware to access a smart card 
ii  xloadimage                4.1-16.1       Graphics file viewer under X11

-- no debconf information

More information about the Pkg-gnupg-maint mailing list