[Bug 1481871] Re: apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats
Seth Arnold
1481871 at bugs.launchpad.net
Wed Jan 6 02:54:03 UTC 2016
David, the CVE would be strictly for reporting "OK" to a delete command
that did not actually delete anything.
When an admin tries to remove a trusted key, the tools should either
report success when it does, or failure when it cannot.
I'm worried about the "apt-key adv --recv-key" issue; that's certainly
not mentioned in the manpages the last few times I've used this. We
should remove this advice from the manpage or provide a warning that it
is not safe to use this, despite previous recommendations.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1481871
Title:
apt-key del silently fails to delete keys due to limited understanding
of GPG key ID formats
Status in apt package in Ubuntu:
Confirmed
Bug description:
Description: Ubuntu 14.04.3 LTS
Release: 14.04
apt:
Installed: 1.0.1ubuntu2.10
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80
7A82B743B9B8E46F12C733FA4759FA960E27C0A6
apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # key is here
apt-key del 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # delete key
apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # key is still
here
# Works fine with IDs
apt-key del 0E27C0A6
apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # nothing
exported
# Works fine with fingerprint on Precise
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1481871/+subscriptions
More information about the foundations-bugs
mailing list