From fb7b11ebb852fa255053ecab605bc9cfe9de0603 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Fri, 29 Apr 2016 00:31:49 +0200
Subject: don't show NO_PUBKEY warning if repo is signed by another key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Daniel Kahn Gillmor highlights in the bugreport that security isn't improving by having the user import additional keys – especially as importing keys securely is hard. The bugreport was initially about dropping the warning to a notice, but in given the previously mentioned observation and the fact that we weren't printing a warning (or a notice) for expired or revoked keys providing a signature we drop it completely as the code to display a message if this was the only key is in another path – and is considered critical.
Closes: 618445
---
methods/gpgv.cc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'methods/gpgv.cc')
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 53c3ff80e..9099521bd 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -203,14 +203,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 }
 else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
 {
- char *sig = buffer + sizeof(GNUPGPREFIX);
- char *p = sig + sizeof("GOODSIG");
+ char *sig = buffer + sizeof(GNUPGGOODSIG);
+ char *p = sig;
 while (*p && isxdigit(*p))
 p++;
 *p = 0;
 if (Debug == true)
- std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
- GoodSigners.push_back(string(sig));
+ std::clog << "Got GOODSIG, key ID: " << sig << std::endl;
+ GoodSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 }
 else if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
 {
-- cgit v1.2.3
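Review bot: `char *sig = buffer + sizeof(GNUPGGOODSIG);` steps one byte past the prefix that `strncmp` just matched without looking at that byte, so a status line that ends right after the keyword leaves `sig` beyond the terminating NUL, and the `isxdigit` loop and the `*p = 0` write then touch whatever else is in `buffer`. Anchoring at the matched length is safer, `char *sig = buffer + sizeof(GNUPGGOODSIG) - 1; if (*sig == ' ') ++sig;`, and the `push_back` could be skipped when `p == sig` so that a line without a key ID never records a good signer. `GoodSigners` entries now also hold the text that follows `GNUPGPREFIX` (presumably the status keyword plus the key ID) instead of the bare key ID, which deserves a comment such as `// stored with the status keyword in front, cut at the end of the key ID` and a check of the code that reads the list, which is outside this hunk. The macro definitions and the rest of `VerifyGetSigners` are not visible here, so this assumes the macros are string literals and that `buffer` is NUL-terminated.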