hanazuki
commented
4 years ago It might be more robust to every time throw away our used keyring and create a new one.
Closed hanazuki closed 4 years ago
hanazuki
commented
4 years ago It might be more robust to every time throw away our used keyring and create a new one.
flavorjones
commented
4 years ago Thank you for submitting this, and apologies for my slow response!
@larskanis you wrote the keyring code in a91d840, can you take a look at this? We don't have test coverage on it and there seems to be some portability concerns (based on the commit message) that I don't want to break.
larskanis
commented
4 years ago It might be more robust to every time throw away our used keyring and create a new one.
The portability issues mentioned in a91d840acf316a65f5dae7045a194b75631bb2ff are the reason why the keyring isn't deleted as whole file. But gpg --status-fd is made for batch processing, so that this interface shouldn't change, so that I think our implementation is reasonable safe. It was just buggy in that way that it assumed only one key.
flavorjones
commented
4 years ago Thanks for reviewing, @larskanis. And thanks, @hanazuki, for the PR! I'm merging now and will release a new version shortly.
flavorjones
commented
4 years ago v2.5.0 has been released with this change. Thank you again!
hanazuki
commented
4 years ago @flavorjones Thank you! @larskanis Thank you for your review and advice.
In case multiple GPG public keys are given, the current implementation only removes the first key after use and leaves the others, which will be used to verify subsequent downloads (insecure). This patch makes sure to remove all of them.