Bug 1153676
| Field | Value |
|---|---|
| Summary | All GPG-related operations are broken in seahorse |
| Product | [Fedora] Fedora |
| Component | seahorse |
| Version | 20 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | unspecified |
| Whiteboard | AcceptedBlocker |
| Fixed In Version | seahorse-3.14.0-2.fc21 |
| Doc Type | Bug Fix |
| Type | Bug |
| Reporter | Michael Catanzaro <mcatanzaro+wrong-account-do-not-cc> |
| Assignee | Matthias Clasen <mclasen> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | bcl, debarshir, jamielinux, kparal, mclasen, pachoramos1, rdieter, robatino, stefw, tmraz |
| Last Closed | 2014-11-10 06:35:44 UTC |
| Bug Blocks | 1043129 |
Description
Michael Catanzaro
2014-10-16 14:04:05 UTC
Reverting it means there will be unfixed security issues present - namely the CVE-2014-4617 will be.

I think there's a work around that could be implemented in seahorse ... to force use of GnuPG 1.4.x for now.

As this issue is moderate only I would say we can afford to have it unfixed on F19 and F20, but I am against reverting on F21.

(In reply to Stef Walter from comment #2)
> I think there's a work around that could be implemented in seahorse ... to
> force use of GnuPG 1.4.x for now.

If that fixes seahorse, then we don't need any changes in gnupg at all, correct?

On F21, simply creating a GPG key with seahorse is broken.

Proposing as a F21 final blocker:

"All applications that can be launched using the standard graphical mechanism of a release-blocking desktop after a default installation of that desktop must start successfully and withstand a basic functionality test."

"Basic functionality means that the app must at least be broadly capable of its most basic expected operations"

Seahorse is a tool for creating and managing stored passwords, OpenSSH, and GnuPG keys. Everything GnuPG-related is currently broken.

Discussed at 2014-11-05 blocker review meeting [1]. Accepted as a blocker. This bug is a clear violation of the Basic functionality final criterion [2]. It needs to be resolved in one way or other (downgrading seahorse to use gnupg1, removing gnupg functionality from seahorse, removing seahorse from default installation, reverting patches in gnupg2, ...).

[1] http://meetbot.fedoraproject.org/fedora-blocker-review/2014-11-05/
[2] https://fedoraproject.org/wiki/Fedora_21_Final_Release_Criteria#Default_application_functionality

(In reply to Kamil Páral from comment #6)
> (downgrading seahorse to use gnupg1

^ Stef has a seahorse patch for this, so no changes are needed in gnupg at this time. I just ask the gnupg maintainers to watch out for any future gnupg1 updates that could similarly break seahorse, especially in a stable release.

seahorse-3.14.0-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/FEDORA-2014-14337/seahorse-3.14.0-2.fc21

In my opinion it is better to keep gnupg updated and fix any packages that break as a result than it is to continue to use a version with known vulnerabilities.

I agree with bcl here. Also the downgrade to gnupg1 should be taken only as a temporary measure for F21 and for F22 it should be fixed to work with gnupg2 correctly or the gpg agent functionality should be dropped from it.

seahorse-3.14.0-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.