You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2014/04/16 22:08:20 UTC

[jira] [Commented] (INFRA-7576) selfserve: password reset with multiple LDAP keys should fail gracefully

    [ https://issues.apache.org/jira/browse/INFRA-7576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13971872#comment-13971872 ] 

Sebb commented on INFRA-7576:
-----------------------------

+1

There are currently about 30 expired keys in the people.apache.org keyring cache. Some may no longer be in LDAP, and some may be for the same person, but it gives some idea of the number of people for whom the password reset mail is likely to fail for that reason. Expired keys may still be useful as they may have been used to sign releases.

May perhaps be worth considering whether to send a plain text e-mail if there are no valid keys, just as it does if there are no keys defined.

> selfserve: password reset with multiple LDAP keys should fail gracefully
> ------------------------------------------------------------------------
>
>                 Key: INFRA-7576
>                 URL: https://issues.apache.org/jira/browse/INFRA-7576
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Selfserve
>         Environment: % gpg --list-keys dashorst
> Keyring: /home/daniel/.gnupg/pubring.gpg
> ----------------------------------------
> pub   1024D/FC72FD45 2009-06-28
> uid                  Martijn Dashorst <ma...@topicus.nl>
> uid                  Martijn Dashorst <da...@apache.org>
> uid                  Martijn Dashorst <ma...@gmail.com>
> uid                  Martijn Dashorst (CODE SIGNING KEY) <da...@apache.org>
> uid                  [jpeg image of size 14052]
> sub   4096g/6A056840 2009-06-28
> Keyring: /home/daniel/.gnupg/pubring.gpg
> ----------------------------------------
> pub   1024D/47FB155F 2007-03-10 [revoked: 2008-11-10]
> uid                  Martijn Dashorst (CODE SIGNING KEY) <da...@apache.org>
>            Reporter: Daniel Shahaf (äñ§€¥£¢)
>
> dashorst had two PGP keys in LDAP.  One of them didn't have an encryption subkey, so the attempt to encrypt failed.  (There could be other reasons for this, including but not limited to one key being expired.)
> When there are multiple keys, selfserve should encrypt to all the keys that can be encrypted to; it should not be a fatal error that _some_ keys are unusable so long as _at least one_ key is usable.



--
This message was sent by Atlassian JIRA
(v6.2#6252)