gpgvProject
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Oct 22 2018

werner closed T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as Resolved.
Oct 22 2018, 7:32 PM · gpgv, gnupg, Bug Report
werner added a commit to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: rGb0d6e26bf3c8: gpg: Fix extra check for sign usage of a data signature..
Oct 22 2018, 7:29 PM · gpgv, gnupg, Bug Report

Oct 8 2018

werner added a comment to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.

Editor fault. The browser's editor is not like Emacs and here o my laptop the backspace key does not work as intended. I guess I was about to write ".. a back signature's usage flag".

Oct 8 2018, 11:49 PM · gpgv, gnupg, Bug Report
dkg added a comment to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.

what does "back signature's usage tool" mean? can we make an addition to the test suite that ensures that bad signatures will be rejected?

Oct 8 2018, 5:07 PM · gpgv, gnupg, Bug Report
werner reopened T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as "Testing".

The fix was not fully correct because it considered a back signature's usage tool.

Oct 8 2018, 4:26 PM · gpgv, gnupg, Bug Report
werner added a commit to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: rGb6275f3bda8e: gpg: Fix extra check for sign usage of a data signature..
Oct 8 2018, 4:24 PM · gpgv, gnupg, Bug Report

Jul 12 2018

werner closed T4036: gnupg 2.2.9 release, a subtask of T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities, as Resolved.
Jul 12 2018, 4:54 PM · gpgv, gnupg, Bug Report

Jul 4 2018

werner added a subtask for T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: T4036: gnupg 2.2.9 release.
Jul 4 2018, 9:16 AM · gpgv, gnupg, Bug Report
werner added a commit to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: rG214b0077264e: gpg: Extra check for sign usage when verifying a data signature..
Jul 4 2018, 9:11 AM · gpgv, gnupg, Bug Report
werner added a commit to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: rGef50fdf82a45: gpg: Extra check for sign usage when verifying a data signature..
Jul 4 2018, 9:11 AM · gpgv, gnupg, Bug Report
werner closed T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as Resolved.

Fix will also go into 2.2.9

Jul 4 2018, 9:10 AM · gpgv, gnupg, Bug Report

Jun 9 2018

dkg created T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.
Jun 9 2018, 12:33 AM · gpgv, gnupg, Bug Report

Sep 13 2017

werner closed T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument as Resolved.

The new unified compliance checker was not initialized. Fixed in the 2.2 branch.

Sep 13 2017, 9:23 AM · gnupg (gpg22), gpgv, Bug Report
werner added a commit to T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument: rG006ca124ed95: gpgv: Initialize compliance checker..
Sep 13 2017, 9:23 AM · gnupg (gpg22), gpgv, Bug Report

Sep 12 2017

werner triaged T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument as Normal priority.
Sep 12 2017, 9:27 AM · gnupg (gpg22), gpgv, Bug Report

Sep 9 2017

dkg created T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument.
Sep 9 2017, 7:20 PM · gnupg (gpg22), gpgv, Bug Report

Aug 21 2017

justus triaged T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key. as Wishlist priority.
Aug 21 2017, 11:33 AM · gpgv, Feature Request

Aug 15 2017

guillem added a comment to T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key..

As part of switching debsig-verify from using --list-packets to gpg with --list-keys --with-colons and gpgv, it would be helpful to eventually be able to get the fingerprint instead of the keyid. This is needed because debsig-verify uses the keyid to select which one of its policy files it has to load, to apply for the subsequent actual verification of the .deb package.

Aug 15 2017, 8:12 PM · gpgv, Feature Request
dkg created T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key..
Aug 15 2017, 6:30 PM · gpgv, Feature Request

Jun 19 2017

justus added a commit to T3210: assertion failure in compliance.c when using gpgv: rG6e23416fe61d: gpg: Disable compliance module for other GnuPG components..
Jun 19 2017, 11:31 AM · gpgv, Bug Report
justus closed T3210: assertion failure in compliance.c when using gpgv as Resolved.

Fixed in 6e23416fe61d4130918f2d1bf6e1f98d102c4610.

Jun 19 2017, 11:08 AM · gpgv, Bug Report
justus claimed T3210: assertion failure in compliance.c when using gpgv.
Jun 19 2017, 10:08 AM · gpgv, Bug Report

Jun 17 2017

werner triaged T3210: assertion failure in compliance.c when using gpgv as Unbreak Now! priority.
Jun 17 2017, 10:46 AM · gpgv, Bug Report
werner created T3210: assertion failure in compliance.c when using gpgv.
Jun 17 2017, 10:45 AM · gpgv, Bug Report

Mar 30 2017

admin created gpgv.
Mar 30 2017, 6:42 PM

Feb 13 2017

werner added a comment to T2932: gpgv error messages are confusing.

I understand, So this is another special case like the one when a keyring has
permissions which don't allow it to be read.

Feb 13 2017, 4:33 PM · Bug Report, gnupg, gpgv

Feb 4 2017

dkg added a comment to T2932: gpgv error messages are confusing.

the reason "no public key" is confusing is because gpgv already knows that there
can be no public key. So the message that the naive user needs to see in this
case is "no keyring available".

If there is at least one keyring available, then saying something like "no
public key found in keyrings X and Y and Z" is reasonable. but if there are no
keyrings at all, the message should just be something like "no keyring found to
validate signature against".

Feb 4 2017, 8:01 AM · Bug Report, gnupg, gpgv

Jan 25 2017

werner added a comment to T2932: gpgv error messages are confusing.

I agree on the first part. This needs to be fixed.

I do not understand wht you think "no public key" is the wrong message. We have
always used this message if the public key is not available for verification.
Do you think the text should be changed to "public key not found" ? That would
be a simple change in libgpg-error.

Libgpg-error has a GPG_ERR_MISSING_KEY but that code indicates wrong usage of
functions or bad data structures.

Jan 25 2017, 9:13 AM · Bug Report, gnupg, gpgv
dkg added projects to T2932: gpgv error messages are confusing: gpgv, gnupg, Bug Report.
Jan 25 2017, 12:19 AM · Bug Report, gnupg, gpgv