Description

If only one root cert has the qual flag set in the trustlist.txt, gpgsm may wrongly propagate thus flag to other root certs, as well. A workaround is the use of --compatibility-flags no-keyinfo-cache.

Revisions and Commits

rG GnuPG
	rGcaa783329b34 gpgsm: Fix caching of the trustlist's flags.
	rG67a3020d0f3b gpgsm: Fix caching of the trustlist's flags.

Related Objects

Mentioned In: T7719: Release GnuPG 2.5.10

Event Timeline

• werner triaged this task as Normal priority.Jul 24 2025, 12:22 PM

• werner created this task.

• werner added a commit: rG67a3020d0f3b: gpgsm: Fix caching of the trustlist's flags..Jul 24 2025, 12:27 PM

• werner added a commit: rGcaa783329b34: gpgsm: Fix caching of the trustlist's flags..Jul 24 2025, 12:33 PM

This does not happen with gnupg24 because the cache has not been implemented there.

• werner mentioned this in T7719: Release GnuPG 2.5.10.Jul 25 2025, 5:26 PM

Fixed for gnupg22 and gnupg26

• werner mentioned this in Unknown Object (Maniphest Task).Aug 4 2025, 2:49 PM

The trustlist's qual flag is not cached correctly by gpgsmClosed, ResolvedPublicActions

Description

Revisions and Commits

Related Objects

Event Timeline

The trustlist's qual flag is not cached correctly by gpgsm
Closed, ResolvedPublic
Actions