Home GnuPG
Diffusion GnuPG 6701a38f8e4a

gpg: Fix a potential loss of key sigs during import with self-sigs-only.


gpg: Fix a potential loss of key sigs during import with self-sigs-only.

* g10/import.c (import_one_real): Don't do the final clean in the
merge case.

This fixes a regression introduced with self-sigs-only.

  • GnuPG-bug-id: T4628
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Event Timeline

I'm confused by this commit: Third-party sigs were the ones used for flooding, and those are dropped with self-sigs-only. Is the additional clean operation still necessary for the mitigation? Wouldn't it be easier to just not set the import-clean flag in the first place for the default keyserver options?

Edit: I noticed that I made the assumption that self-sigs are checked for cryptographic validity during import and dropped otherwise, regardless of import-clean. Is that correct?

As I already stated: Please read the source comments on why we do this

Sorry, I don't know which source code comment you are referring to. You mention the comment at https://dev.gnupg.org/T4628#128529 as well, but neither this commit nor be99eec2b105eb5f8e3759147ae351dcc40560ad contain such comment.

Are you referring to this one, perhaps?

/* Clean the key that we're about to import, to cut down on things
   that we have to clean later.  This has no practical impact on the
   end result, but does result in less logging which might confuse

This comment is no longer correct: The clean operation does have practical impact on the end result, if self-sigs-only is also true.

My concrete question remains: are self-sigs on import validated or otherwise dropped, and if so, wouldn't the self-sigs-only option on its own mitigate flooding? What is the reason for keeping import-clean around with more complex semantics?