[Tails-dev] Please review&merge feature/better-controlled-gn…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: tails-dev
Temat: [Tails-dev] Please review&merge feature/better-controlled-gnupg-connections
Hi,

the feature/better-controlled-gnupg-connections branch (no ticket)
is a candidate for 0.19 => please review and merge into devel.

Steps to test the no-honor-keyserver-url option:

1. generate key pair
2. edit key -> keyserver hkp://example.com
3. gpg --refresh-keys -> output must not contain example.com

I've added "write a testcase" to my todo list, but I don't promise
anything yet.

commit 8eb32b9b38942e91b9e2852c14af10def4f369a6
Author: Tails developers <amnesia@???>
Date: Sun Apr 28 15:02:03 2013 +0200

    GnuPG: locate keys only from local keyrings.


    This is probably the default, but better safe than sorry.


commit 946f89312d01d7d841429c9901aef2dee2683c9d
Author: Tails developers <amnesia@???>
Date: Sun Apr 28 15:00:56 2013 +0200

    GnuPG: don't connect to the preferred keyserver specified by the key owner.


    This feature opens the door to a variety of subtle attacks.


Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc