David, the CVE would be strictly for reporting "OK" to a delete command that did not actually delete anything.
When an admin tries to remove a trusted key, the tools should either report success when it does, or failure when it cannot. I'm worried about the "apt-key adv --recv-key" issue; that's certainly not mentioned in the manpages the last few times I've used this. We should remove this advice from the manpage or provide a warning that it is not safe to use this, despite previous recommendations. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1481871 Title: apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1481871/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
