Your message dated Fri, 16 Oct 2009 22:37:30 +0000
with message-id <[email protected]>
and subject line Bug#501085: fixed in seahorse 2.28.0-1
has caused the Debian Bug report #501085,
regarding seahorse creates all-capable PGP keys when it should create Sign-Only
keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
501085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: seahorse
Version: 2.22.3-2
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When creating a new OpenPGP key, seahorse sets all capabilities on the
key (Encrypt, Certify, Sign, Authenticate) even though it claims to
create Sign-Only keys.
To reproduce from a bare account:
* launch seahorse
* Key | Create New Key | PGP Key
* enter bogus name/address/comment data (i've been using:
"Test User (DO NOT USE!!!) <[email protected]>")
* expand "Advanced Key Options"
* set "Encryption Type" to "RSA (sign-only)"
* choose a password.
* examine the flags of the resulting keys:
gpg --with-colons --fixed-list-mode --list-keys 'Test User' | grep '^pub:' |
cut -f12 -d:
If the key was really "sign-only", the output should be marked either
"sS" (Sign) or "scSC" (Sign and Certify).
instead, i get "escaESCA" from the above output.
This is bad, because it makes it difficult for users to separate the
various capabilities across keys and subkeys. Keeping capabilities
separated between keys is a useful "defense in layers" technique which
allows users to rotate subkeys at different intervals, and to transfer
more-sensitive keys into more secure storage.
--dkg
PS to read more about key capabilities:
http://tools.ietf.org/html/rfc4880#section-5.2.3.21
PPS from /usr/share/doc/gnupg/DETAILS.gz:
12. Field: Key capabilities:
e = encrypt
s = sign
c = certify
a = authentication
A key may have any combination of them in any order. In
addition to these letters, the primary key has uppercase
versions of the letters to denote the _usable_
capabilities of the entire key, and a potential letter 'D'
to indicate a disabled key.
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages seahorse depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii gnupg 1.4.9-3 GNU privacy guard - a free PGP rep
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libavahi-client3 0.6.22-3 Avahi client library
ii libavahi-common3 0.6.22-3 Avahi common library
ii libavahi-glib1 0.6.22-3 Avahi glib integration library
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.22.0-1 The Bonobo UI library
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libgcc1 1:4.3.1-9 GCC support library
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.5-1 The GLib library of C routines
ii libgnome-keyring0 2.22.3-1 GNOME keyring services library
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-5 GNOME Virtual File System (runtime
ii libgpg-error0 1.4-2 library for common error values an
ii libgpgme11 1.1.6-2 GPGME - GnuPG Made Easy
ii libgtk2.0-0 2.12.11-3 The GTK+ graphical user interface
ii libgtksourceview2.0-0 2.2.2-1 shared libraries for the GTK+ synt
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libldap-2.4-2 2.4.10-3 OpenLDAP libraries
ii libnautilus-extension1 2.20.0-7 libraries for nautilus components
ii libnotify1 [libnotify1-gtk 0.4.4-3 sends desktop notifications to a n
ii libnspr4-0d 4.7.1-4 NetScape Portable Runtime Library
ii liborbit2 1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii libpanel-applet2-0 2.20.3-5 library for GNOME Panel applets
ii libpango1.0-0 1.20.5-2 Layout and rendering of internatio
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libsoup2.4-1 2.4.1-1 an HTTP library implementation in
ii libxml2 2.6.32.dfsg-4 GNOME XML library
Versions of packages seahorse recommends:
ii openssh-client 1:5.1p1-2.1opensc1 secure shell client, an rlogin/rsh
seahorse suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIVAwUBSOarPMzS7ZTSFznpAQJqxA//Z1vdLZNg4gF4qiEHDCNMdztXS2H8OlJ1
alFiivAAPECYrJFpwh1cO8J/7sDlyhsSTGe8luPzwECqLj2eqEqk7bfbYOW1EWp0
5WNh5y61EJPf/ifLD7p0knRO9E8gzma0OA1qtfqbG8vLSY+HuZH/4lp9a6/Tp2TX
IGBHkaGVeiXYz1UbWRXZRxKAgYm5u8ZXVzWOk/dqaGJQur+iIP0BNNRsLAgHefpI
WA+cANEM1mcBb/hiCF7GGO20ZqBJJlMt1uQtipuBGhUaBlpSAIwBgotEfFRvugPA
9vgRO1H3hzG0/0ESP/+LPiYQiKb609oEiL5LP6+nkZA5tDLKViVJeS5NVr99OOqe
C7t+6OZl2P7q6Mf5hBiFVbeJvHWNFeaNsAGdp4lhHUWacvz9wekLcJh2jcKndj2q
z7czF32DVzqAbQBnqVZ4nEDic8mSI/KafyZK0O1p2NPwsnHdsv58kYZ2CioatKe4
5BAbnfKzdqHGKUSZw11IizLhLM4qoh4J5Ig2CdpoaoaX+0bIBO2dbizFjZMiEWUq
rsSie+fHwS24WxXX4f+3gDI0TkvHwtnbjjUBYif1sVbBIeM1ezDNzuIOlmLl//6a
221HhZJoqM4LcBLOBLC30FM4vjckJRwMCZfOfh6V5eloFMTO08EbZBt3eXjDlQVt
+9kBF/RFe6Q=
=53Ha
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: seahorse
Source-Version: 2.28.0-1
We believe that the bug you reported is fixed in the latest version of
seahorse, which is due to be installed in the Debian FTP archive:
libcryptui-dev_2.28.0-1_amd64.deb
to pool/main/s/seahorse/libcryptui-dev_2.28.0-1_amd64.deb
libcryptui0_2.28.0-1_amd64.deb
to pool/main/s/seahorse/libcryptui0_2.28.0-1_amd64.deb
seahorse_2.28.0-1.diff.gz
to pool/main/s/seahorse/seahorse_2.28.0-1.diff.gz
seahorse_2.28.0-1.dsc
to pool/main/s/seahorse/seahorse_2.28.0-1.dsc
seahorse_2.28.0-1_amd64.deb
to pool/main/s/seahorse/seahorse_2.28.0-1_amd64.deb
seahorse_2.28.0.orig.tar.gz
to pool/main/s/seahorse/seahorse_2.28.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea Veri <[email protected]> (supplier of updated seahorse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Oct 2009 11:58:45 +0200
Source: seahorse
Binary: seahorse libcryptui0 libcryptui-dev
Architecture: source amd64
Version: 2.28.0-1
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Garcia Sogo <[email protected]>
Changed-By: Andrea Veri <[email protected]>
Description:
libcryptui-dev - the UI library for DBUS functions exported by seahorse
(developme
libcryptui0 - the UI library for DBUS functions exported by seahorse
seahorse - GNOME front end for GnuPG
Closes: 501085
Changes:
seahorse (2.28.0-1) unstable; urgency=low
.
* New upstream release.
- Set usage flags during unattended key generation,
(Closes: #501085)
* debian/control.in:
- removed libglade2-dev B-D, as per configure.in
requirements.
* debian/patches/02_service_autostart.patch:
- removed, applied upstream
* debian/patches/90_autotools.patch:
- refreshed.
* debian/patches/series:
- refreshed
Checksums-Sha1:
56b85e4bb974a9f53d7839b7e85d2b3a395a9019 1668 seahorse_2.28.0-1.dsc
2b9b30dcbc72304a50f35698786edad0e95002c5 3625089 seahorse_2.28.0.orig.tar.gz
a9c0984b050e15d7fa7e708944201b094ed8a0f7 30826 seahorse_2.28.0-1.diff.gz
8bdaaa3c32b35008c323d844733b384dd793b267 2595904 seahorse_2.28.0-1_amd64.deb
6d9b643316c16ecfdba1132577d3d7bdb2a73c56 74646 libcryptui0_2.28.0-1_amd64.deb
0f5ebebbc781d073f41febdbec951749015e13b0 145850
libcryptui-dev_2.28.0-1_amd64.deb
Checksums-Sha256:
9afac0f46051b655397b943da77af14816880ecd50e5f87c51515e9078ef559a 1668
seahorse_2.28.0-1.dsc
48331754b21d1a9543a592e43c0ad1abca142c8880712b844a0de13a8dfcc8d2 3625089
seahorse_2.28.0.orig.tar.gz
2ed09e9a1cf155abe94e1d4d556105863888c302d737c2fcacf62c3cebfedcbd 30826
seahorse_2.28.0-1.diff.gz
55c2052ee0068611d6a0fde3ac993fd9eb6038e59db7fcb3dbc4e14c2cb7cef9 2595904
seahorse_2.28.0-1_amd64.deb
c10b7e80c345995b0dc030f0b39505ec1eb5596874c06c1408e5bc617bfab0ab 74646
libcryptui0_2.28.0-1_amd64.deb
87ecae77357507857345ecc4760a74ceb460770dd7766ed35a3953603743247b 145850
libcryptui-dev_2.28.0-1_amd64.deb
Files:
4db8aca0711da3ec9a9025dea71af94e 1668 gnome optional seahorse_2.28.0-1.dsc
45b966b0f3269df1cbaea22b5c75b9fd 3625089 gnome optional
seahorse_2.28.0.orig.tar.gz
5c651fd85f847889de6088e1bb6055e0 30826 gnome optional seahorse_2.28.0-1.diff.gz
73558bf129b4631192a09f0ad8b7b68d 2595904 gnome optional
seahorse_2.28.0-1_amd64.deb
377a5be752a0003b0698edf3024d65ae 74646 libs optional
libcryptui0_2.28.0-1_amd64.deb
6c9511a62b21c6a3d932853a899b56d7 145850 libdevel optional
libcryptui-dev_2.28.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkrY7DcACgkQdkeBByM7nqC3oQCeOFN4cJhsObwuEz3NDEH0K34k
n6cAmJtWI4Lu7FSZt54Rxv5Wl8jHMiw=
=wlmB
-----END PGP SIGNATURE-----
--- End Message ---
