cannot sign coc due to launchpad ignoring signing keys
Bug #1613 reported by
Robert Collins
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Medium
|
Celso Providelo | ||
Bug Description
Launchpad ignores my signing key when I give it gpg key validation. This prevents me from signing the CoC.
More details:
My secret key is offline and only available when I need to edit my uids, or generate new signing and encrypting keys which are of limited duration.
Launchpad should trust gpg which will validate against my public signing key details when I provide a signed CoC.
| Changed in launchpad: | |
| assignee: | nobody → name101 |
| status: | New → Accepted |
Revision history for this message
| Celso Providelo (cprov) wrote | #1 |
Revision history for this message
| Celso Providelo (cprov) wrote | #2 |
| Changed in launchpad: | |
| status: | Accepted → Fixed |
To post a comment you must log in.
This problem was solved requesting the master key fingerprint for all GPG signatures. It pushes the complexity to GPG system, which returns the master key when querying by any of its subkeys. This way we avoid the extension of the LP GPG model to store subkeys information. It was discussed with Robert Collins and we don't expect collateral effects. The changes are pending review.