[pkg-gnupg-maint] Bug#1008573: Bug#1008573: gpg-agent -managed SSH keys stored in Yubikeys cannot be used with OpenSSH 8.9

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Apr 28 14:11:39 BST 2022


Control: forwarded 1008573 https://dev.gnupg.org/T5935
Control: tags 1008573 + upstream
Control: severity 1008573 important

This bug report was tagged severity "serious"

https://www.debian.org/Bugs/Developer#severities says that severity
level means:

  > is a severe violation of Debian policy (roughly, it violates a
  > "must" or "required" directive), or, in the package maintainer's or
  > release manager's opinion, makes the package unsuitable for release.

I see no justification for that severity level in the discussion, so i'm
changing it to normal.  If you think that's wrong, feel free to reset it
to "serious" with an explicit justification, thanks!

On Fri 2022-04-22 12:04:15 +0900, NIIBE Yutaka wrote:
> I found an issue of scdaemon.  At upstream development, it is tracked by:
>
> 	https://dev.gnupg.org/T5935
>
> When the data is not so large (smaller than the buffer size of token),
> it works using Gnuk, with the patch of scdaemon.

Thanks for tracking this down, gniibe!

If there's a specific patch that we should include in the debian release
of the 2.2 branch, please let me know.  The patch mentioned in
https://dev.gnupg.org/T5935
(https://dev.gnupg.org/rGe8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da) 
doesn't look like it will apply directly to the 2.2 branch.

In the meantime, people with the affected key/hardware combination
should be able to continue using the workaround described by vagrant.

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20220428/7b9db3f0/attachment.sig>


More information about the pkg-gnupg-maint mailing list