[pkg-gnupg-maint] Bug#888025: gpgsm: UI asks insane, unanswerable trust questions

Peter Eckersley pde at eff.org
Mon Jan 22 18:46:56 UTC 2018

Package: gpgsm
Version: 2.2.4-1
Severity: important

Someone sending me S/MIME email caused mutt+gpg to open an insane pair of
sequential dialogue window asking multiple questions about whether I trust
what looked like one of Comodo's CA certificates.

The second dialogue included a fingerprint of unspecified sort, that I was
supposed to check against something, but the GTK interface didn't support
copying and pasting.

The useful information would have been:

1. Is this certificate in Debian's ca-certificates package? If so, dont show
the dialogue, just accept the certificate.

2. If this certificate *isn't* in Debian's ca-certificates package, that is
the single most important thing to tell the user. It's still probably a
useless dialogue, but maybe one user in a thousand will want to do the
research on where the CA cert came from.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpgsm depends on:
ii  gpgconf        2.2.4-1
ii  libassuan0     2.5.1-1
ii  libc6          2.26-4
ii  libgcrypt20    1.8.1-4
ii  libgpg-error0  1.27-5
ii  libksba8       1.3.5-2
ii  libreadline7   7.0-3

Versions of packages gpgsm recommends:
ii  gnupg  2.2.4-1

gpgsm suggests no packages.

-- no debconf information

More information about the pkg-gnupg-maint mailing list