
Bug#558784: apt: re-adds removed keys



reopen 558784
thanks

]] David Kalnischkies 

| While I could agree with you on a (very high) metalevel that this could
| be a valid configuration change, I have a few very simple practical
| reasons why not:
|
| - first of all: /etc/apt/trusted.gpg is not a configuration file
|   [in dpkg sense] yes - it looks like one as it is in /etc - and it is in
|   some ways a configuration file, but not directly if you compare it to
|   "normal" configuration files like xorg.conf.

Yes, it's a configuration file.  If it's not, this is an FHS violation
as only configuration files should be in /etc. Dpkg does not have a
concept of configuration files, it has a concept of conffiles which are
shipped in the package.  The trusted.gpg file is not a conffile.  That
it is not a text file is irrelevant here.
/etc/ssl/certs/ca-certificates.crt isn't a normal text file you sit down
and configure either.

As to whether it's a valid configuration change: why is it not?  Why is
adding more keys to the keyring valid if removing keys is not?  Why does
even apt-key provide a «remove» command if that's not a valid change of
configuration?

| - apt depends on debian-archive-keyring. So it explicitly says that it
|   requires the complete keyring to work correctly. An administrator who
|   removes parts of this keyring therefore doesn't make a valid configuration
|   change - he breaks the dependency apt has causing apt to do possibly
|   strange things (behavior of applications with broken dependencies is
|   undefined) - Including reimporting the keyring to fix it.
|   (A segfault would be also possible.)

The dependency isn't broken: I have d-a-k installed on the system, and
apt and apt-key can access that keyring just fine; if not, apt-key update
would not work.

If an application segfaults because of a missing key in a keyring,
that's surely a bug in the package; this whole argument sounds like a
strawman to me.

| - A keyring is a keyring because the keys together form a ring of trust.
|   If you don't trust a key in the ring, you can't trust the keyring
|   (if this wouldn't be the case a keyring should be called "loosely coupled
|   group of keys"), so if you remove a key you effectively remove the keyring.
|   This is disallowed by the dependency (as said in the previous point).

No.  GPG has a trust database where I can tell it how much I trust the
various keys.  That does not have anything to do with whether they are
in a single file or not.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are


