David, the CVE would be strictly for reporting "OK" to a delete command that did not actually delete anything.
When an admin tries to remove a trusted key, the tools should either report success when it does, or failure when it cannot. I'm worried about the "apt-key adv --recv-key" issue; that's certainly not mentioned in the manpages the last few times I've used this. We should remove this advice from the manpage or provide a warning that it is not safe to use this, despite previous recommendations. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1481871 Title: apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats Status in apt package in Ubuntu: Confirmed Bug description: Description: Ubuntu 14.04.3 LTS Release: 14.04 apt: Installed: 1.0.1ubuntu2.10 apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # key is here apt-key del 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # delete key apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # key is still here # Works fine with IDs apt-key del 0E27C0A6 apt-key export 7A82B743B9B8E46F12C733FA4759FA960E27C0A6 # nothing exported # Works fine with fingerprint on Precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1481871/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
