Package: hopenpgp-tools
Version: 0.19.5-1
Severity: wishlist
a "key usage flags" subpacket
(https://tools.ietf.org/html/rfc4880#section-5.2.3.21) should be
present on every self-sig and every subkey binding signature.
the absence of a key usage flags subpacket should itself be displayed as
a warning.
furthermore, the presence of an empty key usage flags subpacket should
not be conflated with the absence of a key usage flags subpacket.
an empty-yet-present key usage flags subpacket explicitly says "this
key is *not* for any of the established uses, but i'm attaching it for
other reasons", while an absent key usage flags subpacket is
indistinguishable from "this key was created by software that doesn't
know how to produce a key usage flags subpacket".
--dkg
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'),
(200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages hopenpgp-tools depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.26-4
ii libffi6 3.2.1-8
ii libgmp10 2:6.1.2+dfsg-2
ii libncursesw5 6.0+20171125-1
ii libnettle6 3.4-1
ii libtinfo5 6.0+20171125-1
ii libyaml-0-2 0.1.7-2
ii zlib1g 1:1.2.8.dfsg-5
hopenpgp-tools recommends no packages.
hopenpgp-tools suggests no packages.
-- no debconf information
