[
https://issues.apache.org/jira/browse/WHIMSY-285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898217#comment-16898217
]
Sam Ruby commented on WHIMSY-285:
---------------------------------
Based on testing locally, the error occurs on the following line:
[https://github.com/apache/whimsy/blob/e5f07a10444d1a61818c8e0cb3cfb6b0cc377b22/www/secretary/workbench/views/actions/check-signature.json.rb#L78]
So it appears that openuri under certain circumstances creates a temporary file
and when it deletes that file it doesn't untaint the path name. Possible
solutions are to avoid the use of openuri, or even to back out all of the
TEMPORARY HACK (WHIMSY-275) completely.
> gpg: Can't check signature: No public key Insecure operation - unlink
> ---------------------------------------------------------------------
>
> Key: WHIMSY-285
> URL: https://issues.apache.org/jira/browse/WHIMSY-285
> Project: Whimsy
> Issue Type: Bug
> Components: SecMail
> Reporter: Matt Sicker
> Assignee: Craig L Russell
> Priority: Major
>
> See https://whimsy.apache.org/secretary/workbench/201907/1f7c69db9d/ and try
> to verify the GPG key. Running {{gpg --keyserver
> hkp://p80.pool.sks-keyservers.net:80 --recv-keys KEY_ID}} locally does find
> the key (gpg (GnuPG) 2.2.16).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
