[pkg-gnupg-maint] Bug#1101007: regression: gpg --edit-key clean removes signature that was kept in 2.2.45
Andreas Metzler
ametzler at bebt.de
Sat Mar 22 17:36:18 GMT 2025
On 2025-03-21 Uwe Kleine-König <ukleinek at debian.org> wrote:
> Package: gnupg
> Version: 2.2.46-5
> Severity: normal
> X-Debbugs-Cc: ukleinek at debian.org
> Hello,
[...]
> So "clean"ing my key removed Trevor's signature.
> With gnupg 2.2.45-2 the same sequence keeps the signature. With my
> current understanding 2.2.45-2 is right to keep the signature and it's a
> bug in 2.2.46-5 to drop it.
> I have a few more reproducers and it's always only Trevor's signature
> that is removed.
[...]
Data point: Vanilla, unpatched 2.5.5 behaves the same way, 2.5.4 did
not. So this probably caused by the CVE-2025-30258 patchset.
cu Andreas
More information about the pkg-gnupg-maint
mailing list