[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30549 [Applications/Tor Browser]: Add script to remove expired sub-keys from a keyring file
#30549: Add script to remove expired sub-keys from a keyring file
--------------------------------------------+------------------------------
Reporter: boklm | Owner: tbb-team
Type: task | Status: needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201905R, tbb-rbm | Actual Points:
Parent ID: #30548 | Points:
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Changes (by boklm):
* status: needs_information => needs_review
Comment:
Replying to [comment:2 gk]:
> The commit message says things like "Add script to remove expired sub-
keys from a keyring file" but then we have
> {{{
> +# Drop expired and revoked sub-keys from a keyring file
> }}}
> Looking at the code it seems we indeed want to take care of both expired
and explicitly revoked keys. That's right?
Yes. I updated the commit message in in branch `bug_30549_v2`:
https://gitweb.torproject.org/user/boklm/tor-browser-
build.git/commit/?h=bug_30549_v2&id=0b258f07310f8180810558930f79f13d2d4d7906
>
> If we apply that script how can we prevent removing expired subkeys we
actually *still need* for building by accident?
We should only use this script when we want to remove all expired sub-
keys. I added a comment in the script mentioning that.
For the cases where we need to keep some of the expired-keys, but not all,
I am not sure yet what is the best way to do that, as gpg does not seem to
make it easy to keep only some of the expired sub-keys. Maybe using the
script with faketime would work, but I didn't try.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30549#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs