[request-tracker-maintainers] Bug#735361: Bug#735361: Bug#735361: request-tracker4: FTBFS: GPG test failures
Kevin Falcone
falcone at bestpractical.com
Tue Jan 28 16:55:28 UTC 2014
On Wed, Jan 15, 2014 at 12:35:44AM +0000, Dominic Hargreaves wrote:
> On Wed, Jan 15, 2014 at 12:25:23AM +0000, Dominic Hargreaves wrote:
> > This appears to break the RT tests, which use this parameter:
>
> Just to be clear: since trust-model=always is only used in the test
> suite, I don't believe this issue affects running installations.
It's also a really common configuration to run in production,
especially if you tell RT to auto-download keys and want it to encrypt
back to randoms who email in, process of:
New ticket from bob at example.com, signed, encrypted to queue key.
RT downloads bob at example.com's key because you have
'auto-key-locate' => 'keyserver',
'keyserver-options' => 'auto-key-retrieve',
set in %GnuPGOptions
When you reply back to the user, you pick the Reply option, if there's
no trust path in the database gpg can kick back a warning/error about
not wanting to encrypt to an untrusted key.
Recipient 'bob at example.com' is unusable, the reason is 'Key not trusted'
For sites that manually keep a tightly controlled keyring, this isn't an
issue. I don't have statistics on how many users run with trust-model =
always but I definitely run into it with clients.
-kevin
More information about the pkg-request-tracker-maintainers
mailing list