/srv/irclogs.ubuntu.com/2019/09/15/#ubuntu-devel.txt

karlthaneHello, trying to help test. Downloaded the current daily iso for 19.10, not giving option to install to zfs in installer. Is there something special I have to do. Sorry if this is wrong channel.00:32
valoriekarlthane: try #ubuntu+101:01
=== CarlFK1 is now known as CarlFK
=== CarlFK1 is now known as CarlFK
caribouHello, I'm preparing an SRU upload of systemd for LP: #1805183. Anybody has something inflight on systemd ?10:35
ubottuLaunchpad bug 1805183 in systemd (Ubuntu Bionic) "systemd-resolved constantly restarts on Bionic upgraded from Xenial" [Medium,In progress] https://launchpad.net/bugs/180518310:35
tomreyngnupg2 (as well as gnupg, i.e. v1) in bionic fails to handle keys without user ids, as provided by the (only, as far as i know) key spam safe openpgp server keys.openpgp.org, which most applications now default to.14:01
tomreynso it's not currently possible to use a safe keyserver in bionic, from what i can tell.14:01
tomreynhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93066514:01
ubottuDebian bug 930665 in gpg "gpg won't import valid self-signatures if no user ids are present in imported transferable public key" [Important,Fixed]14:01
TJ-tomreyn: I find that vulnerabilty useful... as I have multiple IDs if the same email arrives for multiple IDs it gets deleted instantly by procmail14:13
tomreynTJ-: well, that's not so useful to me ;)14:18
TJ-hehehe14:22
TJ-tomreyn: so is it no longer possible to search by userid to find a key?14:22
TJ-tomreyn: hmm, is that keyserver not connected to the pool? it doesn't find my key14:23
tomreynTJ-: it is not connected to the SKS pool. are you aware of the signature spamming issues?14:35
tomreyni just filed bug 1844055 about the above.14:36
ubottubug 1844055 in gnupg2 (Ubuntu) "Importing public key from keys.openpgp.org fails with "no user ID" " [Undecided,New] https://launchpad.net/bugs/184405514:36
TJ-tomreyn: you mean the email addresses being harvested for spam? Yes, seen it for a long time which is why I have procmail rules to block it14:38
TJ-tomreyn: hashes the subject and counts for all IDs in the keys14:39
tomreynTJ-: no, i don't mean e-mail addresses harvested for spam. i mean the issue known as (variants of) OpenPGP certificate (key signature) flooding / spam. I added more context to the bug report now.15:03
TJ-tomreyn: ahhh, thanks, so adding lots of signatures to a key as a DoS because clients cannot cope with the quantity?15:09
tomreynTJ-: yes, this sums up CVE-2019-13050, mitigation of which got deferred https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13050.html15:12
ubottuInteraction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050)15:12
TJ-tomreyn: reading about the unmaintained 'toy' SKS software and the fact 2 key devs of openpgp have known about this for 10 years... I dispair!15:15
TJ-I despair, too!15:15
tomreynyes, it's overall a sad situation. :/15:25
TJ-the argument 'no-one can understand the code' is a poor one though; that is always possible if sufficient time is applied15:27
tomreyni wouldn't personally claim to be able to do so, not now, nor anytime soon. but certainly time, accompanied by other resources, such as knowledge and experience, money, could. the argument resting within this, that infrastructurally important or at least relevant software should be written in a widely understood programming language, accompanied by good documentation. (this said, i'm very grateful to kfiskerstrand and other contributors to15:37
tomreynthe SKS keyserver code and network over the years.)15:37
tomreyns/within this , that/within this is that/15:38
tomreynand we should move to -discuss.15:38
karlthane@valorie Thank You17:49
udevbotError: "valorie" is not a valid command.17:49
karlthanevalorie Thank you.17:49
Eickmeyercyphermox: Still no movement on bug 184319?17:59
ubottubug 184319 in GetDeb Software Portal "Update Package: alarm-clock 0.5" [Wishlist,Fix released] https://launchpad.net/bugs/18431917:59
EickmeyerOh, wrong bug...17:59
Eickmeyercyphermox: bug 184319618:00
ubottubug 1843196 in ubiquity-slideshow-ubuntu (Ubuntu) "[Merge Request] Updated Ubuntu Studio Slideshow" [Undecided,New] https://launchpad.net/bugs/184319618:00

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!