[pkg-gnupg-maint] Bug#820342: gpa send public key to server despite the refusal of the user
rpnpif
rpnpif at free.fr
Thu Apr 7 15:18:55 UTC 2016
Package: gpa
Version: 0.9.5-2
Severity: grave
Tags: security
Justification: user security hole
In the Server menu, Send keys. A dialogue box is displayed which asks
"Are you sure you want to distribute this key?" If I click on the cross
(x) to close this box, it is the same as clicking on Yes: the key is
sent to the server anyway. It is not the choice of the user. It does
not conform to the standards of GUIs in Debian or in other OSes.
It is a security issue: a leak of data after an unwitting action of the
user.
It should send the key to the server only when the user clicks on Yes.
Otherwise, if the user clicks on the cross or on No, nothing should be
sent to the server.
-- System Information:
Debian Release: 8.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gpa depends on:
ii gnupg2 2.0.26-6
ii gpgsm 2.0.26-6
ii libassuan0 2.1.2-2
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18+deb8u4
ii libcairo2 1.14.0-2.1+deb8u1
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-3+deb8u1
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u4
ii libglib2.0-0 2.42.1-1+b1
ii libgpg-error0 1.17-3
ii libgpgme11 1.5.1-6
ii libgtk2.0-0 2.24.25-3+deb8u1
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpangoft2-1.0-0 1.36.8-3
ii zlib1g 1:1.2.8.dfsg-2+b1
gpa recommends no packages.
gpa suggests no packages.
-- no debconf information