[pkg-gnupg-maint] Bug#796710: Bug#796710: "moving a key signature to the correct place" loop

Werner Koch wk at gnupg.org
Mon Aug 24 08:35:56 UTC 2015


On Sun, 23 Aug 2015 16:53, zack at debian.org said:

> i.e. it seems that whatever "fixing" gpg does to the wrong packages that
> are present in the key material, it is undone by the next refresh from
> the keyserver. Allegedly, this is a bug in both gpg and the keyserver

That is because the keyserver adds the wrong signatures again.  For
certain keyserver bugs gpg has the

   --import-options  repair-pks-subkey-bug

enabled by default which does

  During import, attempt to repair the damage caused by the PKS
  keyserver bug (pre version 0.9.6) that mangles keys with multiple
  subkeys. Note that this cannot completely repair the damaged key as
  some crucial data is removed by the keyserver, but it does at least
  give you back one subkey. Defaults to no for regular --import and to
  yes for keyserver --recv-keys.

and there are two or so other bugs fixed during import.  Unfortunately I
can't remember why we do the

   gpg: moving a key signature to the correct place

only during a --key-edit.  That fix was introduced in October 1998
(gnupg 0.4.3) to mitigate a bug in an earlier release.  It should be run
by the import too but it seems it was never needed until now? 

We need to analyze the actual reason for the problem and see what we can
do about it.  We could also silence the message ;-)

> I've also tested this with gpg2, obtaining the same result.

It is all the same code.  A bigger problem with your key is that it is
780 KiB long.  I was not able to upload it after signing without
increasing a limit in dirmngr (from 2.1).

It might be good to apply commit 84f4c88 to the Debian 2.1 package, so
users of 2.1 have an easier way to upload the key (right, I don't do that
mail address verification thing).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


