[Sks-devel] sks patch to refuse poison key


From: Shengjing Zhu
Subject: [Sks-devel] sks patch to refuse poison key
Date: Mon, 16 Jul 2018 13:18:52 +0800
User-agent: Mutt/1.10.0 (2018-05-17)

On Sun, Jul 15, 2018 at 06:28:24PM +1000, Haw Loeung wrote:
> I don't think these patches should land in SKS. It's to work around
> one key and doesn't scale very well. Instead, I think more work should
> be done adding the ability to not accept and send keys of a certain
> size as well as options to exclude a specific list of keys. I'm not sure
> if there's another mailing list used by SKS developers to discuss
> this.

Thanks, I see the patches hard-code the key ID, so I think they shouldn't land
upstream either.

> 
> If you're interested in the patches, you should be able to download
> the *.debian.tar.xz file from the link below:
> 
> | https://launchpad.net/~canonical-sysadmins/+archive/ubuntu/sks-public/+packages
> 
> Extract that and the series of patches to-date are:
> 
> | 0012-poison-key.patch
> | poison-key-id-update
> | 0014-poison-key-output-fix
> | 0091-pjdc-compare-short-keyid.patch
> 

I don't know OCaml, but these patches are a mess; shouldn't they be
simplified to:

diff --git a/keydb.ml b/keydb.ml
index 949a1f4..7ff976a 100644
--- a/keydb.ml
+++ b/keydb.ml
@@ -1166,6 +1166,11 @@ struct
     try
       if has_hash hash then [] else
         let keyid = Fingerprint.keyid_from_key ~short:true key in
+        let keyid_long = Fingerprint.keyid_to_string ~short:false 
(Fingerprint.keyid_from_key ~short:false key) in
+
+        (* Blacklist poison key - RT#112669 *)
+        plerror 4 "considering keyid %s" keyid_long;
+        if List.mem keyid_long ["E41ED3A107A7DBC7"] then [] else
         let potential_merges = List.filter ~f:(fun x -> x <> key)
                                  (get_by_short_keyid keyid)
         in
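
Review bot: the refused key is a literal inside the code path, at `if List.mem keyid_long ["E41ED3A107A7DBC7"] then [] else`, so blocking another key means editing keydb.ml and rebuilding; load the list from a configuration setting or a file so operators can update it without a patch. The `plerror 4 "considering keyid %s"` line sits before the check, so it logs every key that reaches this point rather than only the refused one; move the log into the refusing branch and word it as a refusal. That branch returns `[]`, the same value as the `has_hash hash` case above it, so a caller cannot tell a refused key from one that is already present. The match is an exact string comparison on the 64-bit key ID: it depends on `keyid_to_string` producing the same uppercase hex form as the literal, and it refuses any other key that shares that key ID, so matching on the full fingerprint would be stricter. The comment cites only a ticket number (RT#112669); state in the comment why the key is refused.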

-- 
Best regards,
Shengjing Zhu
