=== oerheks1 is now known as oerheks [13:41] re: gpg i seem to have som stale lockfile preventing gpg from being invoked by anything.. [13:46] https://tech.michaelaltfield.net/2019/07/14/mitigating-poisoned-pgp-certificates/ i think it is this... [13:46] arf... [15:18] seems to be keyid:79BE3E4300411886 Linus Torvald :( [15:19] takes forever to delete it also... [18:33] sakrecoer: https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1844059 [18:33] Launchpad bug 1844059 in gnupg2 (Ubuntu) "Please apply mitigations for CVE-2019-13050" [Undecided,Confirmed] [18:35] "the specific updates to address this are not complete so" ... the ubuntu packages remain unfixed for now. [18:37] and then there is https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1844055 in Ubuntu which is why you cannot use the only 'safe' keyserver there is now [18:37] Launchpad bug 1844055 in gnupg2 (Ubuntu) "Importing public key from keys.openpgp.org fails with "no user ID" " [Undecided,Confirmed] [18:43] Thanks, Tomreyn! :) [18:47] I suppose I will just have to unsubscribe until the fix is out. [18:49] sakrecoer[m]: to unsubscribe from what? [18:49] the keyservers [18:54] oh, right, no longer using keyservers or importing keys or signatures will prevent your keyring from becoming infected. [18:55] it will, of course, also make it impossible to use gpg in a safe manner where you'd need to regularly update all the keys in your public keyring to not miss out on revocations and to get copies of keys whose expiry was extended. [18:56] yes, i imagine this is a pretty serious issue for quirte a few production environements [18:57] but the few people and projects where i use gpg are small enough to be able to verify eachother without server [19:02] ^ not sure why i had torvalds key though lol :) i've probably sent fanmail haha! [19:08] maybe you tried to verify the authenticity of his git commits [21:12] If I install 19.04, I can update to 19.10 via software update? [21:12] Studio [22:02] @designbybeck yes