Hi Ineiev,

Ineiev wrote:
> Currently the 'gpg_key' column of the 'user' table has the 'text'
> type, this means 64k character limit. Some users attempted
> to register longer GPG keys, and they were truncated.

Longer than 64K! That seems very long to me. This feels to me (without looking) that they must be including something more in that key upload than they should be including.

For example I have an rsa4096 gpg key. When exported using gpg 2.2.12 the resulting ascii armored key size is 10987 bytes. That would still comfortably fit within the 64k text size limit.

I fear that people may be exporting their key incorrectly. That instead of the suggested command:

    Insert your (ASCII) public key here (made with gpg --export --armor KEYID):

Perhaps they are exporting their entire keyring? When I leave off the keyid and export my entire keyring my keyring is 77M in size. I could definitely imagine an unfamiliar user doing this and exporting their entire keyring instead of just their own key. And if they were a new user unfamiliar with the process they might perhaps have only a few other keys and the entire size might be only modestly larger than 64K in size.

> I think this could be fixed with
> 'alter table user modify gpg_key mediumtext'
> (at least, it worked for the test instance at
> https://i18n.frontend0.savannah.gnu.org).
>
> Can there be reasons _not_ to do that?

Obviously in the above I am hoping for more digging into what is in those large keys. Because I think this should not be needed and that something else is wrong. But taking the question literally (just me being pedantic) the reason not to do that is that:

+ It could cover up a key dump usage problem.
+ It could pollute the database with very large (useless) blobs making the db harder to manage.
+ It could become known to malicious users as a location to store arbitrarily large files.

Thank you for digging into this! :-)

Bob
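One way to check a submission for the keyring-dump case raised in the message above, as an added example that is not part of the original e-mail or of Savannah's code: it counts Public-Key packets (tag 6) in the armored block, so a whole-keyring export is visible before it is stored. The function names and the sample inputs are constructed for illustration; packet framing follows RFC 4880.

```python
import base64
ARMOR_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
ARMOR_END = "-----END PGP PUBLIC KEY BLOCK-----"

def dearmor(text):
    """Return the binary packets of the first armored public key block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index(ARMOR_BEGIN) + 1:lines.index(ARMOR_END)]
    body = body[body.index("") + 1:]  # armor headers end at the blank line
    # The line starting with "=" is the CRC-24 checksum, not key data.
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packet_tags(data):
    """Yield the tag of each top-level packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length in key material")
        else:  # old-format header: low two bits select the length size
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate packet length")
            size = 1 << ltype
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag
        i += length

def count_primary_keys(armored):
    """Number of Public-Key packets (tag 6); more than one means a keyring."""
    return sum(1 for tag in packet_tags(dearmor(armored)) if tag == 6)

# Constructed sample input: dummy packet bodies, only the headers are real.
def make_packet(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body
def armor(data):
    return f"{ARMOR_BEGIN}\n\n{base64.b64encode(data).decode()}\n{ARMOR_END}\n"
ONE_KEY = armor(make_packet(6, b"k" * 20) + make_packet(13, b"alice") + make_packet(14, b"sub"))
KEYRING = armor(b"".join(make_packet(6, b"k" * 20) + make_packet(13, u) for u in (b"a", b"b", b"c")))
```

A result greater than 1 for a submitted block points to an export made without a KEYID, independent of whether the text fits the column.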