Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 892752 - app-crypt/gnupg ships with expired certificate sks-keyservers.netCA.pem for obsolete SKS keyservers
Summary: app-crypt/gnupg ships with expired certificate sks-keyservers.netCA.pem for o...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-31 18:45 UTC by Kim B. Sindalsen
Modified: 2023-08-22 09:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kim B. Sindalsen 2023-01-31 18:45:08 UTC 
/usr/share/gnupg/sks-keyservers.netCA.pem expired Oct 2022

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            af:73:c8:b4:cf:9f:80:8f
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = NO, ST = Oslo, O = sks-keyservers.net CA, CN = sks-keyservers.net CA
        Validity
            Not Before: Oct  9 00:33:37 2012 GMT
            Not After : Oct  7 00:33:37 2022 GMT

Seems to be in both stable and newest ~.

Reported upstream (as soon as my account there is verified)

Reproducible: Always

Steps to Reproduce:
1. emerge app-crypt/gnupg
2. equery b /usr/share/gnupg/sks-keyservers.netCA.pem
3. less /usr/share/gnupg/sks-keyservers.netCA.pem
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-01-31 18:47:09 UTC 
The sks keyservers are dead anyway so I'm not sure it matters that much, does it?
Comment 2 Kim B. Sindalsen 2023-01-31 18:49:57 UTC 
Maybe not - triggers app-forensic/lynis check and by extension my OCD ;)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-08-19 15:27:43 UTC 
(In reply to Kim B. Sindalsen from comment #0)
> /usr/share/gnupg/sks-keyservers.netCA.pem expired Oct 2022
> 
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             af:73:c8:b4:cf:9f:80:8f
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C = NO, ST = Oslo, O = sks-keyservers.net CA, CN =
> sks-keyservers.net CA
>         Validity
>             Not Before: Oct  9 00:33:37 2012 GMT
>             Not After : Oct  7 00:33:37 2022 GMT
> 
> Seems to be in both stable and newest ~.
> 
> Reported upstream (as soon as my account there is verified)
> 

Could you give us the link to your report? Thanks!
Comment 4 Kim B. Sindalsen 2023-08-21 22:28:07 UTC 
https://dev.gnupg.org/T6404

Not used - so can't harm...