[Bug 494017] Re: refresh-keys with keyserver prefs connects once per key and often fails
Thijs Kinkhorst
kink at squirrelmail.org
Mon Feb 20 19:59:03 UTC 2012
Confirmed, but upstream indicates that it's not quite trivial to fix.
** Changed in: gnupg (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/494017
Title:
refresh-keys with keyserver prefs connects once per key and often
fails
Status in GNU Privacy Guard:
Incomplete
Status in “gnupg” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: gnupg
Affects both:
• gnupg-1.4.6-2ubuntu5 (hardy)
• gnupg2-2.0.7-1 (hardy)
When keys have “keyserver” preferences set (see many of the newer @tarent.de keys,
for example), the “gpg --refresh-keys” command has a weird modus operandi:
First, it takes all of the keys with a keyserver set, and connects ONCE PER KEY to
the keyserver (and often failing due to hitting the keyserver reconnection limit,
loading it, or something), then it connects ONCE for all remaining keys to the
keyserver set in ~/.gnupg/gpg.conf (which, incidentally, is the same keyserver as
the one set on all but one of the keys with a keyserver pref set in my public key
ring). This makes key refreshing very awkward, sometimes impossible.
Please (possibly report upstream) change it so that keys with the same keyserver
string listed in their pref are merged into one request, possibly merging with the
default keyserver if it’s also the same.
Marking this as security vulnerability because I think that, when people run
gpg --refresh-keys (or gpg2 --refresh-keys) on an automated basis and don’t
see it failing due to a loaded keyserver, they may not receive revocation
certificates in time. If you disagree, feel free to un-flag this bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnupg/+bug/494017/+subscriptions
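The batching requested in the bug description, as an added Python sketch that is not GnuPG code and not part of the original report: keys are grouped by normalized keyserver (merging with the default one), one request is made per server, and failures are returned so an automated run does not silently miss revocations. The key IDs, host names, the `fetch` callback and the rule that a bare host name means hkp are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Default ports per scheme; 11371 is the standard HKP port.
DEFAULT_PORTS = {"hkp": 11371, "hkps": 443}

# Constructed sample keyring: (key ID, preferred keyserver or None).
SAMPLE_KEYS = [
    ("0xAAAA0001", "hkp://keys.example.org"),
    ("0xAAAA0002", "HKP://Keys.Example.org:11371/"),
    ("0xAAAA0003", "hkp://other.example.net"),
    ("0xAAAA0004", None),
    ("0xAAAA0005", "keys.example.org"),
]

def normalize_keyserver(uri):
    """Return (scheme, host, port) so equivalent spellings compare equal."""
    uri = uri.strip()
    if "://" not in uri:
        uri = "hkp://" + uri  # assumption: a bare host name means hkp
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

def plan_refresh(keys, default_keyserver):
    """Group key IDs into one batch per distinct keyserver."""
    batches = {}
    for key_id, pref in keys:
        server = normalize_keyserver(pref or default_keyserver)
        batches.setdefault(server, []).append(key_id)
    return batches

def run_refresh(batches, fetch):
    """Call fetch(server, key_ids) once per server; collect failed batches."""
    failed = []
    for server, key_ids in batches.items():
        try:
            fetch(server, key_ids)
        except OSError as exc:
            failed.append((server, key_ids, str(exc)))
    return failed

if __name__ == "__main__":
    def fake_fetch(server, key_ids):  # hypothetical stand-in for the network request
        if server[1] == "other.example.net":
            raise OSError("connection refused")
    plan = plan_refresh(SAMPLE_KEYS, "keys.example.org")
    for server, ids in plan.items():
        print(server, ids)
    # Non-zero exit status lets cron or a monitoring wrapper notice the failure.
    raise SystemExit(1 if run_refresh(plan, fake_fetch) else 0)
```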