[pkg-gnupg-maint] Bug#830479: gnupg2: new trust level "poisoned"

Simon Richter sjr at debian.org
Fri Jul 8 07:49:29 UTC 2016

Package: gnupg2
Version: 2.0.26-6
Severity: wishlist
Tags: upstream


with someone injecting the evil32 keys into the keyserver network it will
only be a matter of time until someone signs one of these by accident.

In case that is someone I have assigned a trust value to, I'd like to know
and revoke their trust as soon as possible.

For that, I'd think it would be great to have a way to mark keys as
poisoned, so whenever someone signs one of these, their trust level can be

This could be implemented inside the normal --update-trustdb code: if a
trust path appears to a key that is marked as poisoned, the trust level
dialog for the key that made the signature can be shown again with an
explanatory message -- afterwards, the trustdb is then rechecked from the


-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg             1.17.27
ii  gnupg-agent      2.0.26-6
ii  install-info     5.2.0.dfsg.1-6
ii  libassuan0       2.1.2-2
ii  libbz2-1.0       1.0.6-7+b3
ii  libc6            2.19-18+deb8u4
ii  libcurl3-gnutls  7.38.0-4+deb8u3
ii  libgcrypt20      1.6.3-2+deb8u1
ii  libgpg-error0    1.17-3
ii  libksba8         1.3.2-1+deb8u1
ii  libreadline6     6.3-8+b3
ii  zlib1g           1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  libldap-2.4-2  2.4.40+dfsg-1+deb8u2

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list