Package: gnupg
Version: 1.4.19-3
Severity: normal
Tags: upstream
[ filing the bug report, as discussed with dkg and Clint at DebConf 15 ]
Below you can find the screen log of a gpg session that, using a fresh
GNUPGHOME:
1) fetch/refresh my key from the SKS keyserver pool
2) edit the key...
3) ...resulting in gpg moving a key signature to the correct place
multiple times
4) save the key
5) go to 1
i.e. it seems that whatever fixing gpg does to the wrong packages that
are present in the key material, it is undone by the next refresh from
the keyserver. Allegedly, this is a bug in both gpg and the keyserver
software running on the SKS pool.
Note that in the session below I did also try a second edit after
saving, without refreshing, and that does not make gpg try to move
the signatures again. I.e. it seems that gpg fixing is stable on disk;
it is just not stable w.r.t. the key server.
I've also tested this with gpg2, obtaining the same result.
Cheers.
zack@timira:~$ export KEYID=6D866396
zack@timira:~$ export GNUPGHOME=/tmp/gpg-bug
zack@timira:~$ mkdir -m 700 $GNUPGHOME
zack@timira:~$ gpg --keyserver pool.sks-keyservers.net --recv-keys $KEYID
gpg: keyring `/tmp/gpg-bug/secring.gpg' created
gpg: keyring `/tmp/gpg-bug/pubring.gpg' created
gpg: requesting key 6D866396 from hkp server pool.sks-keyservers.net
gpg: /tmp/gpg-bug/trustdb.gpg: trustdb created
gpg: key 6D866396: public key Stefano Zacchiroli z...@upsilon.cc imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
zack@timira:~$ gpg --edit-key $KEYID
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
pub 4096R/6D866396 created: 2010-09-27 expires: 2016-09-02 usage: SC
trust: unknown validity: unknown
sub 4096R/02D0E74C created: 2010-09-27 expires: never usage: E
sub 4096R/93412799 created: 2012-12-01 expires: 2016-09-02 usage: S
[ unknown] (1). Stefano Zacchiroli z...@upsilon.cc
[ unknown] (2) Stefano Zacchiroli z...@debian.org
[ unknown] (3) Stefano Zacchiroli z...@cs.unibo.it
[ revoked] (4) Stefano Zacchiroli z...@pps.jussieu.fr
[ unknown] (5) Stefano Zacchiroli z...@pps.univ-paris-diderot.fr
[ revoked] (6) Stefano Zacchiroli (Debian Project Leader) lea...@debian.org
gpg> save
zack@timira:~$ gpg --edit-key $KEYID
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 4096R/6D866396 created: 2010-09-27 expires: 2016-09-02 usage: SC
trust: unknown validity: unknown
sub 4096R/02D0E74C created: 2010-09-27 expires: never usage: E
sub 4096R/93412799 created: 2012-12-01 expires: 2016-09-02 usage: S
[ unknown] (1). Stefano Zacchiroli z...@upsilon.cc
[ unknown] (2) Stefano Zacchiroli z...@debian.org
[ unknown] (3) Stefano Zacchiroli z...@cs.unibo.it
[ revoked] (4) Stefano Zacchiroli z...@pps.jussieu.fr
[ unknown] (5) Stefano Zacchiroli z...@pps.univ-paris-diderot.fr
[ revoked] (6) Stefano Zacchiroli (Debian Project Leader) lea...@debian.org
gpg> quit
zack@timira:~$ gpg --keyserver pool.sks-keyservers.net --recv-keys $KEYID
gpg: requesting key 6D866396 from hkp server pool.sks-keyservers.net
gpg: key 6D866396: Stefano Zacchiroli z...@upsilon.cc 13 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 13
zack@timira:~$ gpg --edit-key $KEYID
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
gpg: moving a key
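
One way to check a saved session log for the pattern reported above (repair needed, clean on re-edit, needed again after a keyserver fetch). This is an added example, not part of the original report or of GnuPG; the function names, the shell-prompt format it expects, and the shortened sample transcript are assumptions constructed for illustration.

```python
import re

# Constructed transcript modelled on the session above (shortened, not the original log).
SAMPLE = """\
$ gpg --keyserver pool.sks-keyservers.net --recv-keys 6D866396
gpg: key 6D866396: public key imported
$ gpg --edit-key 6D866396
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
$ gpg --edit-key 6D866396
$ gpg --keyserver pool.sks-keyservers.net --recv-keys 6D866396
gpg: key 6D866396: 2 new signatures
$ gpg --edit-key 6D866396
gpg: moving a key signature to the correct place
gpg: moving a key signature to the correct place
"""

# Assumes each command line ends its shell prompt with "$ " (e.g. "zack@timira:~$ gpg ...").
PROMPT = re.compile(r"^\S*\$ gpg\b.*--(recv-keys|refresh-keys|edit-key)\b")
MOVED = "gpg: moving a key signature to the correct place"
NEW_SIGS = re.compile(r"(\d+) new signatures?\b")

def parse_session(text):
    """Return [(kind, count)]: ('edit', repair messages) or ('fetch', new signatures)."""
    steps = []
    for line in text.splitlines():
        m = PROMPT.match(line)
        if m:
            steps.append(["edit" if m.group(1) == "edit-key" else "fetch", 0])
        elif steps and steps[-1][0] == "edit" and line.strip() == MOVED:
            steps[-1][1] += 1
        elif steps and steps[-1][0] == "fetch" and NEW_SIGS.search(line):
            steps[-1][1] = int(NEW_SIGS.search(line).group(1))
    return [tuple(s) for s in steps]

def repair_undone_by_fetch(steps):
    """True if an edit that needed no repair is followed by a fetch and then
    by an edit that repairs again: the fix held on disk but not across a
    keyserver refresh."""
    for i in range(len(steps) - 2):
        a, b, c = steps[i:i + 3]
        if a == ("edit", 0) and b[0] == "fetch" and c[0] == "edit" and c[1] > 0:
            return True
    return False

if __name__ == "__main__":
    steps = parse_session(SAMPLE)
    print(steps, repair_undone_by_fetch(steps))
```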