[pkg-gnupg-maint] Bug#790665: gpg2 fails to import gpg2 created keyring in a gpg1 created keyring
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 11 21:37:17 UTC 2015
On Tue 2015-08-11 05:15:19 -0400, David Kalnischkies wrote:
> So, done'd the old #634197 based on this. A quick look via codesearch
> suggests that --refresh-keys isn't particularily widespreed in the
> archive and all uses seem to be 'okay'.
that's good to hear.
> What about 'blind' --recv-keys? My guess would be that this is just as
> unsafe as otherwise --refresh-keys could just be a "for all keys I have
> call --recv-keys key", but well, what do I know… This is relatively
> common in the archive, mostly in documentation, but some real calls.
--recv-keys is similarly risky, unfortunately. I'd be happy to try to
review this stuff with you further though, if you're interested. maybe
we can do this in heidelberg sometime next week?
> Yeah, you are right, I looked at an old gnupg DETAILS file on my system,
> not the gnupg2 one… sry for the confusion.
no worries, there were still bugs that needed fixing there, so thanks
for the ongoing nudges :)
--dkg
More information about the pkg-gnupg-maint
mailing list