Your message dated Sat, 06 Mar 2021 04:18:34 +0000
with message-id <[email protected]>
and subject line Bug#984594: fixed in gpgme1.0 1.15.1-2
has caused the Debian Bug report #984594,
regarding gpgme always emits --with-keygrip, breaking its use with gpg1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984594
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:gpgme1.0
Version: 1.13.1-2
Control: affects -1 gpg1
In gpgme 1.13.1-2, I added
debian/patches/0006-gpg-Send-with-keygrip-when-listing-keys.patch in an
attempt to fix https://dev.gnupg.org/T4820.
Upstream's alternative fix was instead to not test the output that
breaks with older, known-buggy GnuPG versions (see upstream commits
cff600f1f65a2164ab25ff2b039cba008776ce62 and
5c0d1c7f76c95bad8bce4ad3bafd121ec5101d3c), and to add an extra flag
(GPGME_KEYLIST_MODE_WITH_KEYGRIP) that users of GPGME need to supply if
they want to ensure that the keygrip field of the gpgme_subkey_t object
is populated (see c8048bf8eb988f22b20215197f4739bedafc4264).
I now see in the OpenPGP test interoperability test suite
(https://tests.sequoia-pgp.org) a terse report that "GPGME uses
--with-keygrip unconditionally, breaking GnuPG 1.4". Indeed, gpg1 does
not appear to support the --with-keygrip flag at all.
It's not clear to me that the proposed upstream API is particularly easy
to use, but maybe it's better to drop the remaining patch and align with
upstream expectations, because:
- the test suite already has dropped coverage of the relevant parts,
so the test suite won't fail.
- in T4820, upstream appears concerned about additional compute cost of
generating keygrips (though I haven't seen any attempt to
characterize the total compute cost)
- alignment with upstream is good in itself
One possible consequence of doing this is that gpgme-dependent
tools that expect the keygrip field to be populated (as it indeed was by
default when gpgme was backed with older versions of gpg) may break
until they learn to apply GPGME_KEYLIST_MODE_WITH_KEYGRIP (which in turn
would oblige them to depend on gpgme >= 1.14.0).
Another alternative would be to make
debian/patches/0006-gpg-Send-with-keygrip-when-listing-keys.patch
conditional on the version -- only do that when the backend is known to
be version 2.2.x or higher.
I'm leaning toward just dropping the patch.
--dkg
--- End Message ---
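The version-conditional alternative mentioned in the report above (request keygrips only when the backend is known to be 2.2.x or higher), as an added example; it is not code from gpgme or from the Debian patch. The `EX_MODE_*` constants and all function names are hypothetical stand-ins, and in a GPGME client the version string would be the one reported by `gpgme_get_engine_info()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

/* Hypothetical stand-ins for the GPGME_KEYLIST_MODE_* bits (constructed values). */
enum { EX_MODE_LOCAL = 1, EX_MODE_WITH_KEYGRIP = 2 };

/* Parse "MAJOR.MINOR[.PATCH][suffix]". Returns 0 on success, -1 when the
   string is missing or malformed. */
static int parse_major_minor(const char *v, long *major, long *minor)
{
    char *end;
    if (v == NULL || !isdigit((unsigned char)v[0]))
        return -1;
    *major = strtol(v, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1]))
        return -1;
    *minor = strtol(end + 1, &end, 10);
    return 0;
}

/* 1 when the backend is 2.2.x or newer, the threshold named in the report. */
int backend_accepts_with_keygrip(const char *engine_version)
{
    long major, minor;
    if (parse_major_minor(engine_version, &major, &minor) != 0)
        return 0;               /* unknown version: do not send the option */
    return major > 2 || (major == 2 && minor >= 2);
}

/* Drop the keygrip request for backends that would reject the option. */
unsigned int effective_keylist_mode(unsigned int requested,
                                    const char *engine_version)
{
    if (!backend_accepts_with_keygrip(engine_version))
        requested &= ~(unsigned int)EX_MODE_WITH_KEYGRIP;
    return requested;
}

int main(void)
{
    /* Constructed sample version strings, not captured from real engines. */
    const char *samples[] = { "1.4.23", "2.0.30", "2.2.27", "2.3.0-beta1", "garbage" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> mode 0x%x\n", samples[i],
               effective_keylist_mode(EX_MODE_LOCAL | EX_MODE_WITH_KEYGRIP, samples[i]));
    return 0;
}
```

An unparseable or missing version is treated like an old backend, so the option is withheld rather than risking a failed key listing.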
--- Begin Message ---
Source: gpgme1.0
Source-Version: 1.15.1-2
Done: Daniel Kahn Gillmor <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gpgme1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <[email protected]> (supplier of updated gpgme1.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Mar 2021 22:39:56 -0500
Source: gpgme1.0
Architecture: source
Version: 1.15.1-2
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuPG Maintainers <[email protected]>
Changed-By: Daniel Kahn Gillmor <[email protected]>
Closes: 984594
Changes:
gpgme1.0 (1.15.1-2) experimental; urgency=medium
.
* Avoid sending --with-keygrip unconditionally (Closes: #984594)
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCYEL/1AAKCRA+nXFzcd5W
XG9dAQCCAKc3HKVW8W1vqDDrlbW9YBHQqvRAXHDZy0mufgORlAEA1lNc/GWy8WDu
KXVh+eTxO7B0w2pjn5ZmeZZSCt18NQM=
=V7u+
-----END PGP SIGNATURE-----
--- End Message ---