Your message dated Sat, 15 Aug 2009 22:19:19 +0200
with message-id <1250367560.7694.4.ca...@leidi>
and subject line Re: Bug#118931: gnupg: voodoo with marginals-needed=3
has caused the Debian Bug report #118931,
regarding voodoo with marginals-needed=3 in gnupg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
118931: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118931
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.0.6-2

I happened upon this bug completely by accident while geeking out
because a piece of mail I received from someone I don't know showed as
marginally trusted.

As it turns out, the key used to sign that piece of mail has been signed
by one key that I trust fully and two that I trust marginally.  With the
default thresholds of completes-needed=1 and marginals-needed=3, this
key shows up as being *marginally* trusted, when it should actually be
*fully* trusted!

After much experimenting with trust values, I've found that changing
marginals-needed to anything *other* than the default does the trick.
Even /raising/ the threshold for marginally-trusted signatures causes
this key to correctly register as fully trusted.

My key ID is 0x29982E5A.  The ID of the key used to sign the mail I was
viewing is 0x0917A9E4.  The three trusted keys that connect me with this
key are 0x797EBFAB, 0xCB467E27, and 0xF2C423BC.  All five of these keys
are available from keyring.debian.org or wwwkeys.us.pgp.net.  If this
bug is somehow specific to one or more of these keys, you should be able
to reproduce it by assigning trust values to the intermediary keys and
running 'gpg --trusted-key 0x28DEAE7F29982E5A --edit-key 0x0917A9E4'.
Then throw in --marginals-needed, and be amazed!

Regards,
Steve Langasek
postmodern programmer


--- End Message ---
--- Begin Message ---
Am Montag, den 27.07.2009, 12:16 +0200 schrieb Jeroen Schot:
> On Fri, May 08, 2009 at 02:49:12AM -0700, Steve Langasek wrote:
> > There should be enough information here to set up a reproducible
> > test case with some dummy keys, to be sure.
> 
> I've generated such a test case and could not reproduce this bug. The
> key is correctly shown as fully valid. I think it is save to assume
> that after eight years this bug has been fixed. I tried compiling
> older versions of GnuPG. The oldest version I could compile is 1.2.0.
> And in that version I couldn't reproduce the bug either.

I failed to reproduce it too.

> I recommend that you close this bug.

Many thanks for testing. Closing then.

Regards, Daniel



--- End Message ---

Reply via email to