Follow

@micahflee Another SKS bug. Anyone can make a key unimportable: try `gpg --keyserver pgp.mit.edu --recv-keys 0x4F3F50786C401DCE`, it will fail. Also see pgp.mit.edu/pks/lookup?op=vind

@micahflee This is basically for the same reason: no validation on packets whatsoever. Packets that cause the key to be unimportable are clearly not RFC-compliant, but SKS still accepts those packets.

@yegortimoshenko wow. Think you should open a second issue for this bug, or keep it as part of the same issue?

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!