[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#57091: Git authentication reports subkey fingerprints
From: |
Tobias Geerinckx-Rice |
Subject: |
bug#57091: Git authentication reports subkey fingerprints |
Date: |
Thu, 11 Aug 2022 11:17:39 +0000 |
This is not a mere UI issue. Basic verification is currently broke^Wdifferent,
too, or the latest incident wouldn't have happened.
Hmm. I wonder...
Ludo', are you worried that, since we already handle revocations like GPG
would, the 'proper' OpenPGPmodel could somehow break? That we are in effect
unable to safely fix this (yes, I maintain it is a) bug?
Apologies if I'm wildly off the mark here. But then I'd like to hear some
plausible threat models. Maxime?
In their absence, nasty surprises like what happened last week are argument
enough to (try to! :-) implement normal OpenPGP behaviour.
Kind regards,
T G-R
Sent on the go. Excuse above-average rambliness.