GNU bug report logs - #57091
Git authentication reports subkey fingerprints

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 9 Aug 2022 21:08:02 UTC

Severity: normal

Full log

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: bug-guix <at> gnu.org, Ludovic Courtès <ludo <at> gnu.org>,
 Maxime Devos <maximedevos <at> telenet.be>
Cc: 57091 <at> debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 11:17:39 +0000

This is not a mere UI issue.  Basic verification is currently broke^Wdifferent, too, or the latest incident wouldn't have happened.

Hmm.  I wonder...

Ludo', are you worried that, since we already handle revocations like GPG would, the 'proper' OpenPGPmodel could somehow break?  That we are in effect unable to safely fix this (yes, I maintain it is a) bug?

Apologies if I'm wildly off the mark here.  But then I'd like to hear some plausible threat models.  Maxime?

In their absence, nasty surprises like what happened last week are argument enough to (try to! :-) implement normal OpenPGP behaviour.



Kind regards,

T G-R

Sent on the go.  Excuse above-average rambliness.
This bug report was last modified 2 years and 311 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.