[Pkg-privacy-maintainers] Bug#898085: gnupg: gpg --search-keys and parcimonie don't work: Tor misconfigured/keyserver EPERM

intrigeri intrigeri at debian.org
Sun Jul 8 17:05:51 BST 2018 

Control: reassign -1 dirmngr
Control: found -1 2.1.18-8~deb9u1
Control: found -1 2.1.18-8~deb9u2
Control: fixed -1 2.2.8-3

Hi,

intrigeri:
> I'm sure I've noticed this problem before and we've discussed it
> already, either with dkg or weasel, and I hope it's well tracked
> somewhere. I'll check and will then adjust BTS metadata accordingly.

FTR that was #849845, whose resolution was twofold:

 - tor now enables IPv6 traffic on the SocksPort by default
   (in stretch-backports and Buster)

 - if IPv6 traffic is not enabled, dirmngr now tells the user what the
   problem is and how to fix it (not sure in which version but
   definitely in the Buster one)

On the parcimonie side of things, I've updated the manpage so that
setup instructions that should now cover most common cases. This will
be part of the upcoming 0.10.4 but of course that won't help
Stretch users.

This bug is clearly not in parcimonie, but in dirmngr: parcimonie
"just" triggers it 100% of the time on a default Stretch installation.
So I'm reassigning to dirmngr. I'd like to treat this bug report as
one about the UX with the default config in Stretch (while #849845 was
about how to fix the root cause of the problem in tor) but that it
does not affect Buster (thanks to the default Tor config change).

The thing is, the UX improvements mentioned on
https://dev.gnupg.org/T2902 *are* in Stretch:

 - dirmngr tells "Tor is not properly configured"
 - with --verbose, I see:
   gpg: (further info: Please check that the "SocksPort" flag "IPv6Traffic" is set in torrc)

… but honestly that does not seem good enough to me:

 - Quite simply, the fact someone like Cyril did not get what was
   going on, and that it took me some time to diagnose the problem,
   is quite telling in itself.

 - The fact that one needs to pass --verbose to have any clue what is
   going on is worrying: in a situation where the user is told
   something that's hard to understand already ("Tor is not properly
   configured", while Tor works just fine for most practical
   purposes), they should not have to guess yet they have to manually
   do another thing in order to be told what exactly is wrong with the
   tor configuration. I would suggest the IPv6Traffic hint is
   displayed by default on Stretch, and not guarded behind --verbose.
   On Buster and newer, IMO we can stick to what upstream does since
   the default Tor configuration was fixed, so this UX problem should
   be moot :)

Dear GnuPG maintainers, feel free to merge with #849845, adjust the
metadata as you wish, and possibly improve the UX in Stretch by
implementing the suggestion above or something better.
Or just call it something that won't affect enough Stretch users to
warrant a s-p-u and then wontfix, your call :)

Cheers,
-- 
intrigeri

More information about the Pkg-privacy-maintainers mailing list