[pkg-gnupg-maint] Bug#839683: Bug#839683: apt-key accepts short key IDs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Feb 5 08:56:24 UTC 2017


Over on https://bugs.debian.org/839683 On Mon 2016-10-03 17:48:21 -0400, Daniel Kahn Gillmor wrote:
> Asking GnuPG to refuse short Key IDs generally is a weird idea -- where
> should they be refused?  What if i want to query gpg to see what keys i
> have that match a given key ID?  What if the *only* thing i have is a
> short key ID, and i just want to send someone mail that would otherwise
> go in cleartext?  should gpg refuse to offer to retreive the key?
>
> I don't see a clear implementable suggestion for GnuPG in this
> discussion yet, sorry :/

I never heard any specific changes that need to be made to GnuPG out of
this discussion, so i'm going ahead and closing #839683 .

If anyone has concrete suggestions, they're welcome to reopen the bug
report (or to open a new one, of course).

       --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170205/8fd8bdc7/attachment-0001.sig>


More information about the pkg-gnupg-maint mailing list